9_AWS - Solutions Architect


AWS Service Health Dashboard
- provides information about the status of Amazon AWS. Here you can check for general problems related to the AWS infrastructure and get global communications from the Amazon AWS team.
supports ALL regions; their endpoints therefore do not include a region.
What do Access keys consist of
Access keys consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS whether you're using the AWS SDK, REST, or Query APIs. The AWS SDKs use your access keys to sign requests for you so that you don't have to handle the signing process. If you're unable to use the AWS SDK, you can sign requests manually. For more information, see Signing AWS API Requests.
A key pair consists of
Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront.

For Amazon EC2, you use key pairs to access Amazon EC2 instances, such as when you use SSH to log in to a Linux instance.

For Amazon CloudFront, you use key pairs to create signed URLs for private content, such as when you want to distribute restricted content that someone paid for.
Amazon AWS account ID is
When you refer to resources, like an IAM user or an Amazon Glacier vault, _____ distinguishes your resources from ones in other AWS accounts.
account ID
You can use Amazon Web Services Support _____.
With pay-by-the-month pricing for the entire AWS service portfolio. AWS Support is one-on-one, fast-response support from experienced technical support engineers. The service helps customers use AWS's products and features. It comes with pay-by-the-month pricing and unlimited support cases, and the support offering covers the entire AWS service portfolio.
_____________________ uniquely identify AWS resources
ARNs. Amazon Resource Names (ARNs) uniquely identify AWS resources. Amazon requires an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
The _______allows developers to programmatically access its vast repository of information about the traffic and structure of the web.
Alexa Web Information Service allows developers to programmatically access Alexa's vast repository of information about the traffic and structure of the web.
A user is planning to define his own information security management system for AWS. Which of the below mentioned security models should the user learn first?
With Amazon Web Services, to design an ISMS (Information Security Management System) in AWS, the user must first be familiar with the AWS shared responsibility model, which requires AWS and the customers to work together towards the security objectives.
Security Group
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. When we decide whether to allow traffic to reach an instance, we evaluate all the rules from all the security groups that are associated with the instance.
AWS ELB span
A load balancer is the destination to which all requests intended for your load balanced application should be directed. Each load balancer can distribute requests to multiple EC2 instances. A load balancer is represented by a DNS name and a set of ports. Load balancers can span multiple Availability Zones within an EC2 Region, but they cannot span multiple regions.
encrypt EBS volumes?
With Amazon EBS encryption, you can now create an encrypted EBS volume and attach it to a supported instance type. Data on the volume, disk I/O, and snapshots created from the volume are then all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. EBS encryption is based on the industry standard AES-256 cryptographic algorithm.

To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is available for all the latest EC2 instances in all commercially available AWS regions.
In relation to Amazon Machine Images, you are able to set up other instances with the same AMI using a/an ___________.
You are able to set up other instances with the same AMI using an EC2 Instance. After you've customized the instance to suit your needs, create and register a new AMI, which you can use to launch new instances with these customizations.
What does the following policy for Amazon EC2 do?
You can use IAM policies to control the actions that your users can perform against your EC2 resources.

For instance, a policy with the following statement will allow users to perform actions whose names start with "Describe" against all your EC2 resources.
What is the monthly charge for using the public data sets?
There is no charge for using the public data sets of Amazon EC2.
Out of the 3 Reserved Instance types, which requires the highest upfront commitment?
There are three Reserved Instance types (Light, Medium, and Heavy Utilization Reserved Instances) that enable you to balance the amount you pay upfront with your effective hourly price.
What type of reserved instances are ideal for periodic workloads that run only a couple of hours a day or a few days per week?
Light Utilization Reserved Instances are ideal for periodic workloads that run only a couple of hours a day or a few days per week. Using Light Utilization Reserved Instances, you pay a one-time fee followed by a discounted hourly usage fee when your instance is running. You start saving when your instance is running approximately between 11 percent and 19 percent of the time over the Reserved Instance term, and you can save up to 49 percent off of the On-Demand rates over the entire term of your Reserved Instance.
In regard to the following statement. "Availability Zones (a.k.a AZ) within a region might have a different mapping 'AZ id - AZ physical location', for each user. Therefore the Availability Zone 'us-east-1a' of the user A, might not refer to the same physical location that the Availability Zone 'us-east-1a' (same ID) for the User B."
To ensure that resources are distributed across the Availability Zones for a region, Amazon AWS independently maps Availability Zones to identifiers for each account. For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. Note that there's no way for you to coordinate Availability Zones between accounts.
What happens to the data on the root device of an Instance Store-Backed EC2 instance when the instance is terminated?
Data on instance store volumes persists only during the life of the instance; you can also attach Amazon EBS volumes that persist after instance termination. There is a big distinction with an Amazon EBS-backed instance: in that case, data persists after the instance's termination.
Can a single EBS volume be attached to multiple EC2 instances at the same time?
You can't attach an EBS volume to multiple EC2 instances. This is because it is equivalent to using a single hard drive with many computers at the same time.
Which of the parameters given below do not affect the instance boot time?
When a user launches an instance, it takes around 10 minutes or less for the instances to begin their boot sequences. This time can be affected by factors such as the size of the AMI, the number of instances being launched, and how recently the user launched that AMI. If that AMI is being used for the first time, it will take much longer to boot the instance. The creation date of the AMI does not affect the instance boot time. This is because it depends more on the last time that the instance was launched from the same AMI.
Which of the options given below will work as authentication for the Auto Scaling CLI?
AWS does not provide the console for Auto Scaling. The user has to use SDK, CLI or Query API to configure Auto Scaling. The user needs to provide either the AWS keys or the X.509 certificates with the AWS Auto Scaling command line tool.
Which instance family is more suitable for NoSQL DB, such as Cassandra or MongoDB?
The storage optimized instance family includes the HI1 and HS1 instance types. They use Intel Xeon processors with direct-attached storage options and are ideal for applications with specific disk I/O and storage capacity requirements. HI1 instances provide very fast SSD-backed instance storage and are also capable of supporting over 120,000 random read IOPS. HI1 instances are ideally suited for transactional systems, which can manage their own resiliency. Thus, they are suitable for NoSQL DB and provide an advantage of a very high random I/O performance and low request latency of direct-attached SSDs.
In Amazon EC2, which type of instances offer SSD-based instance storage that delivers higher I/O performance?
Amazon EC2 M3 instances offer SSD-based instance storage that delivers higher I/O performance. M3 instances are also less expensive than M1 instances.
In Amazon EC2, for data requiring a higher level of durability, it is recommended to use ______________.
It is recommended that you use the local EC2 instance store for temporary data; for data requiring a higher level of durability, it is recommended to use Amazon EBS volumes or to back up the data to Amazon S3.
What happens to data on an ephemeral volume of an EBS-backed EC2 instance if it is terminated or if it fails?
Any data on the instance store volumes persists as long as the instance is running, but this data is deleted when the instance is terminated or if it fails (such as if an underlying drive has issues).
A user is going to launch an instance from a community AMI. What advice will you recommend to the user?
AWS recommends that an instance should be launched only if it is from AWS or from AWS trusted parties, such as Bitnami, Oracle, etc. If the party is not trusted it is not recommended to launch the instance since it may have some malware or a security threat.
A user has launched an EC2 instance under the free usage tier. The user wants to have some temporary storage attached to the instance. How can the user have ephemeral storage?
In Amazon Web Services, under a free usage tier the user has options only for an EC2 micro instance. The micro instance is launched from an EBS backed AMI and cannot have ephemeral storage.
What does RRS stand for when talking about S3?
In Amazon S3, RRS stands for Reduced Redundancy Storage.
Where is an object stored in Amazon S3?
A bucket is a container for the object. Any object stored inside S3 is always stored inside a bucket. The objects stored in Amazon S3 are addressable under the domain bucketname.s3.amazonaws.com.
Which of the parameters given below is not a part of the parameter list when the user has clicked "Enable Website Hosting" in the AWS S3 console under "Static Website Hosting"?
The user can host a static website on AWS S3 by storing the site content on the bucket. In the bucket properties, the user has to select the "Static Website Hosting" option.

In the three options available select "Enable Website Hosting". The configuration includes the following:

Index document: A default page which is loaded when the website is accessed.
Error document: The page which S3 will return when there is a 4XX error.
Redirects all requests:

The user can create two buckets: one with rootdomain.com and another with www.rootdomain.com

The user can set the forwarding rules in either of the buckets. Thus, when one bucket is accessed, it will redirect the request to the other bucket. The bucket name is never part of the configuration list, as the website hosting configuration is done for a particular bucket and the config field cannot have the name again as a parameter.
Which of the below mentioned statements are true for the AWS S3 object?
AWS S3 objects are accessible over the internet. The object has to be part of the S3 bucket and cannot be stored outside the bucket. The object is accessible over the internet using the URL:

http://<bucket name>.s3.amazonaws.com/<object name>
Which of the below mentioned security mechanisms does the AWS S3 bucket support?
AWS S3 supports the Access Control List and the bucket policy. ACL allows the user to define the broad level access of a bucket which is applicable only to the bucket and not to the underlying objects. The Bucket policy is a finer access and applicable to all within the bucket. AES-256 encryption, while a method of security, doesn't apply in this case, since it happens at an object level and not a bucket level.
For an EC2 application hosted in US East, which URL would result in consistent, lower latency for connections to Amazon S3?
The user needs to send the REST requests to the service's pre-defined endpoint. For the S3 US Standard region there are two end points. The user can call any one of those two endpoints:

s3.amazonaws.com (Northern Virginia or Pacific Northwest)
s3-external-1.amazonaws.com (Northern Virginia only)

For "s3-external-1.amazonaws.com", Amazon S3 routes the requests to a facility in Northern Virginia. This is useful in a scenario where the user requires low-latency access to the Amazon S3 data from the Amazon EC2 in the Northern Virginia region.
Which is the default (STANDARD) region for AWS S3?
The US East is the standard region for AWS S3. If the user does not specify the region while creating bucket, it will create it in the US East region by default.
Where is the option to set the tags for a bucket available in the S3 management console?
The user can tag the buckets using the name value pair, which is useful to find the costing based on tagging. Tagging can be performed by the S3 management console from: Bucket Properties -> Tags.
Can a bucket created by the user have two tags with the same key?
The user can tag the buckets using the name value pair, which is useful to find the costing based on tagging. The bucket cannot have two tags with the same key. If the user tries to create another tag with the same key, it will overwrite the previous one.
What does AWS S3 do when the user updates the metadata using the S3 management console?
Each Amazon S3 object has metadata. It is a set of name-value pairs. The user can set the object metadata at the time of creation. After the object is uploaded, the user cannot modify the object metadata. The only way to modify the object metadata is to make a copy of the object and set the metadata. The user can use the Amazon S3 management console to update the object metadata. However, S3 makes an object copy internally to replace the existing object to set the metadata.
When uploading an object using the REST API, can the user define the metadata other than the standard metadata?
When a user is uploading an object using the REST APIs, he can provide the optional user-defined metadata. The user-defined metadata should begin with "x-amz-meta-" to distinguish it from the other HTTP headers.
If a user is making an HTTP REST call to create an object and wants to define the metadata, what should the user-defined metadata begin with?
When a user is uploading an object using the REST APIs, he can provide the optional user-defined metadata. The user-defined metadata should begin with "x-amz-meta-" to distinguish it from the other HTTP headers. When uploading objects using the SOAP API, the prefix is not required. When the user retrieves the object using the SOAP API, the prefix is removed, regardless of which API the user is using to upload the object.
A user has uploaded log files to the S3 bucket. The user wants to delete the logs which are more than 30 days old. How can the user configure this?
The lifecycle rule with the S3 bucket allows the user to archive or delete objects after a certain period. It defines how S3 manages the lifecycle.
A user has archived an object using the S3 bucket life cycle rule. If the user requests to restore the object using the S3 console, how long will the object be available?
An object that has been archived can be restored using the S3 console. However the restored object has a limited lifespan, which is set during the restore request.
A user has archived an object using the S3 bucket life cycle rule. If the user wants to delete the object, can he delete it immediately?
When a user has archived the object using the bucket life cycle rule, he can delete the object using the S3 console. When the user selects and deletes the object, it will be deleted immediately.
In relation to Amazon S3, when the user is uploading a large object using the multipart upload, the user is required to send a unique ________ sent by S3 during initialization.
When the user is uploading a large object using the multipart upload, the user is required to send a unique upload ID sent by S3 during initialization. The user also needs to send the part number. The upload ID helps to track the part number and its position. S3 returns the ETag header in response. The ETag value must be sent in each subsequent request along with the part number, as it helps to track as well as close the process.
When the user is uploading a large object to S3 using the multipart upload, for which of the below mentioned services will AWS S3 NOT charge?
Once the user initiates the multipart upload for a large object, Amazon S3 retains all the parts until the process is either completed or aborted. The user is billed for all the storage, bandwidth, and requests for the multipart upload and its associated parts. If the user aborts the multipart upload, Amazon S3 deletes the uploaded artefacts and any parts that the user has uploaded. Subsequently, S3 will not charge the user.
There is an object named "log/log1.txt". There is another object named "log/log2.txt". What does "log/" mean for these objects?
Amazon S3 does not have the concept of a folder; there are only buckets and objects. The Amazon S3 console supports the folder concept using object key name prefixes. For example, if you have an object named photos/2013/example.jpg, the console will show you a folder photos containing a folder 2013, which contains the object example.jpg.
When you want to copy data from S3 to Amazon Redshift, what would be the advantage of splitting your input data into multiple files?
In Amazon Redshift, you can load table data from a single file, or you can split the data for each table into multiple files. It is strongly recommended to divide your data into multiple files to take advantage of parallel processing.
What is the Amazon S3 objects range size?
The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from 1 byte to 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.