Upgrade to remove ads
AWS Solutions Associate Certification
Terms in this set (395)
What are the three types of support plans available on AWS?
What can you create in IAM that gives a set of permissions to multiple users simultaneously?
True/False: An IAM User can belong to multiple groups.
What language are IAM policies written in?
What is the name for a set of permissions that can be assigned to an AWS service through IAM?
What can you set up to make sure that the passwords that IAM Users are using are secure?
True/False: IAM is restricted to single Region.
What can you add to your ROOT account to make it more secured?
MFA (Multi-Factor Authentication)
What are the two ways that an IAM User can interact with AWS?
Console & CLI
True/False: IAM Users are given NO PERMISSIONS when first created.
What is it called when you allow users to login to AWS from a different identity provider (Azure AD, Facebook, etc.)?
What is the most powerful type of access for an IAM user?
What is the second most powerful type fo access for an IAM user?
Power User Access
How does Power User Access differ from Administrator Access?
Power User Access has all the same permissions as administrators except the ability to manage IAM Users & Groups
What does S3 stand for?
Simple Storage Service
What is the minimum file size that can be uploaded to S3?
What is the maximum file size that can be uploaded to S3?
What type of storage does S3 provide?
True/False: S3 storage is spread across AZ's.
True/False: S3 is region specific.
What is the availability of S3-Standard?
What is the durability of S3-Standard?
True/False: All S3 storage tiers have the same level of durability.
True (11 9's)
True/False: All S3 storage tiers have the same level of availability?
What is the level of availability of S3-Standard-IA?
What does S3-Standard-IA stand for?
S3 Standard Infrequently Accessed
What is the availability of S3-OneZone-IA?
What is the standard retrieval time for Glacier?
What 5 things are you charged for when using S3?
Storage, Requests, Tags, Data Transfer, Transfer Acceleration
How does S3 Transfer Acceleration work?
Users upload to CloudFront edge locations, which takes care of transferring the objects to S3 on AWS Backbone Network
What is the maximum number of S3 buckets allowed per account?
True/False: S3 buckets must have a universally unique name.
What is the URL format for S3 buckets in us-east-1 (N. Virginia)?
What is the URL format for S3 buckets not in us-east-1?
What 5 components does an object in S3 consist of?
Key (Name), Value (bytes), Version ID, Metadata, Subresources
What should you use to secure individual files on S3?
Access Control Lists
What should you use to secure entire buckets on S3?
What type of consistency does S3 provide for PUTS of new objects?
Read after Write Consistency
What type of consistency does S3 provide for overwrite PUTS and DELETES?
What HTTP response do you receive after successfully uploading an object to S3?
Are S3 resources private or public by default?
What are the two broad categories of encryption options for S3?
Server-Side Encryption and Client-Side Encryption
What are the three types of Server-Side Encryption for S3?
1. Amazon S3 Managed Keys (SSE-S3)
2. Amazon Key Management Services (SSE-KMS)
3. Customer Provided Keys (SSE-C)
Once versioning is enabled on an S3 bucket, are you able to disable it?
No, it can only be suspended.
Does deleting an object from an S3 bucket with versioning enabled permanently remove it?
No, a new version is added as a Delete Marker.
How can you add an additional layer of security against unauthorized deletion of objects in an S3 bucket?
Enable Versioning MFA Delete
What does CRR stand for in S3?
Cross Region Replication
What are the three ways you can enable CRR on an S3 bucket?
1. Entire Bucket
2. By Tags
3. By File Pattern
When you enable CRR on an S3 bucket, are existing files automatically replicated?
No, only new files are automatically replicated
Are delete markers replicated if you have CRR and versioning enabled on S3 buckets?
No, you must individually delete files from each bucket.
True/False: If you want to do CRR on a bucket that has versioning enabled, the replication bucket also has to have versioning enabled.
What are the two type of versions that lifecycle management transitions can be enabled for on S3?
1. Current Version
2. Previous Version
(Can do both!)
Are CloudFront edge locations the same as AZ's?
No, edge locations are separate from AZ's and regions
What are the 4 types of Origins allowed for CloudFront?
1. S3 Buckets
2. EC2 Instances
3. Elastic Load Balancer
4. Route 53
What is the name for a a CDN that consists of a collection of Edge Locations?
What is the term that specifies how long an object is cached at a CloudFront Edge Location?
Time To Live (TTL)
What are the two types of content delivery available with CloudFront?
1. Web Distribution
2. RTMP (used for media streaming)
True/False: You can both write to and read from CloudFront edge locations.
True/False: It is free to clear cached objects on CloudFront.
What are the two ways that you can restrict viewer access on CloudFront?
1. Signed URLs
2. Signed Cookies
True/False: You can have multiple origins for the same CloudFront distribution.
What are the two broad types of encryption?
1. In Transit
2. At Rest
What is the name of the AWS service that provides a link from your on-prem data center to AWS?
AWS Storage Gateway
What are the 4 types of Storage Gateways?
1. File Gateway (NFS)
2. Volumes Gateway - Stored Volumes
3. Volumes Gateway - Cached Volumes
4. Tape Gateway (VTL)
What is the difference between the two type of Volume Gateways on AWS Storage Gateway?
Stored Volumes allow you to store your volume snapshots on AWS.
Cached Volumes allow you to store actual volumes on AWS EBS, while caching frequently accessed data locally.
What is AWS Storage Gateway - Tape Gateway used for?
Backup and Lifecyle
What is AWS Storage Gateway - File Gateway used for?
Storing flat files in S3 buckets
What service preceded AWS Snowball?
AWS Import/Export Disk
What are the 3 types of AWS Snowball?
1. Snowball (storage only)
2. Snowball Edge (storage + compute)
3. Snowmobile (container truck)
True/False: Snowball can both import to and export from S3.
What service does S3 Transfer Acceleration make use of?
True/False: You can host a static website using only S3.
What are the 4 EC2 pricing options?
1. On Demand
4. Dedicated Hosts
What are the 6 instance families available for EC2?
1. General Purpose (a,m,t)
2. Compute Optimized (c)
3. Memory Optimized (r,x,z)
4. Storage Optimized (d,h,i)
5. Accelerated Computing (f,g,p)
6. Bare Metal
What does EBS stand for?
Elastic Block Storage
What are the two broad types of storage available for EBS?
SSD and Magnetic (HDD)
What are the two types of SSD storage available for EBS?
1. General Purpose (GP2)
2. Provisioned IOSP (IO1)
What are the two types of Magnetic storage available for EBS?
1. Throughput Optimized (ST1)
2. Cold (SC1)
True/False: EBS Volumes are spread across AZ's.
True/False: Both SSD and Magnetic (HDD) storage can be used as boot volumes.
False (only SSD)
True/False: You can encrypt a boot volume.
True/False: Termination Protection for EC2 instances is off by default.
True/False: Default action is for root EBS Volume to be deleted on instance termination.
True/False: You can encrypt additional (non-Root) EBS volumes.
True/False: Every EC2 instance is assigned to a subnet.
Are Security Groups stateful or stateless?
How long foes it take for a rule change on a security group to go into effect?
Rule changes for security groups go into effect immediately.
Are Network Access Control Lists (NACLs) stateful or stateless?
True/False: By default, all instances in the same security group are allowed to do ay type of traffic to/from each other.
True/False: Each EC2 instance can only be associated with a single security group.
True/False: All inbound traffic on a Security Group is blocked by default.
True/False: All outbound traffic on a security group is allowed by default.
True/False: You can block specific IP addresses with Security Groups.
True/False: You can block specific IP addresses with NACLs.
True/False: To mount an EBS volume on an EC2 instance, they must be in the same AZ.
What are the 2 steps to move an EBS volume from one AZ to another?
1. Take snapshot of volume
2. Create volume in another AZ from the snapshot
What are the 3 steps to move an EC2 instance between Regions?
1. Create AMI
2. Copy AMI to new Region
3. Launch new EC2 instance from the copied AMI
What is the difference between snapshots and AMIs?
Snapshots are used for backup, while AMIs are used for launching new instances.
True/False: You can take a snapshot of an instance while it is running.
True/False: Snapshots of encrypted volumes are encrypted automatically.
True/False: You can share encrypted snapshots.
True/False: You don't have to, but it is best practice to stop an instance before taking a snapshot.
True/False: It is possible to encrypt a root volume if you copy it.
True/False: You can stop instances that use instance store volumes as root.
False, can only reboot.
Why are instance store volumes called "ephemeral"?
If the host goes down all data is lost.
True/False: You cannot detach instance store volumes.
What are the 3 types of load balancers available on AWS?
1. Application Load Balancer (Layer 7)
2. Network Load Balancer (Layer 4)
3. Classic Load Balancer (Layer 7 & 4)
What type of load balancer would be desired to send specific requests to specific web servers?
Application Load Balancer
What type of load balancer would be best if extreme performance was needed?
Network Load Balancer
What is the X-Forwarded-For Header used for?
It allows the load balancer to forward the end-user's IP address to the destination application.
What type of error is returned if an application is not responding to a load balancer within the idle timeout period?
504 Error - Gateway Timeout
What are the two reporting statuses of instances monitored by ELB health checks?
True/False: You are never given the IP address for a load balancer.
True/False: Snapshots are stored incrementally.
What are the 5 pillars of the AWS Well-Architected Framework?
3. Performance Efficiency
4. Cost Optimization
5. Operational Excellence
What are the two types of monitoring available on CloudWatch?
1. Basic Monitoring
2. Detailed Monitoring
How often does basic monitoring on CloudWatch report metrics?
Every 5 minutes
How often does detailed monitoring on CloudWatch report metrics?
Every 1 minute
What feature on CloudWatch allows you to respond to state changes?
What feature on CloudWatch allows you to see a detailed rundown of what is happening on an EC2 instance?
What feature on CloudWatch allows you to setup notifications when you hit particular thresholds?
What is the difference between CloudWatch and CloudTrail?
CloudWatch is for logging and monitoring, while CloudTrail is for auditing
True/False: Best practice is to store your AWS programmatic access credentials on an EC2 instance.
True/False: IAM Roles is the best way to allow AWS services to interact with each other.
True/False: The AWS CLI tool is automatically installed on the AWS Linux AMI.
True/False: IAM Roles are created globally.
How can you go about installing software / running commands on an EC2 instance automatically when it is launched?
What IP address is used to get the metadata for an EC2 instance?
True/False: EC2 instances in a single autoscaling group can exist in multiple Regions.
True/False: It is best practice to select all available subnets in a Region when configuring an autoscaling group.
True/False: Autoscaling groups will automatically assign instances to the different subnets you specify.
What is the name of the specified amount of time that an autoscaling group should wait after instance creation before starting to run health checks?
What are the two types of EC2 Placement Groups?
1. Clustered Placement Groups
2. Spread Placement Groups
True/False: Placement Groups must have a unique name within your AWS account.
What is the purpose of a Clustered Placement Group?
Allowing applications that need low latency and high throughput to be placed into the same AZ.
True/False: Instances in a Clustered Placement Group can span multiple AZ's.
True/False: Instances in a Spread Placement Group can span multiple AZ's.
What is the purpose of a Spread Placement Group?
Ensuring that a group of instances are placed on distinct underlying hardware to reduce risk of simultaneous failures.
What does EFS stand for?
Elastic File System
What type of storage is EFS?
True/False: EFS data is stored across multiple Regions.
True/False: EFS data is stored across multiple AZ's.
True/False: EC2 instances must be in the same security group as the EFS file system that is mounted.
True/False: You can restrict only individual file access on EFS Volumes.
True/False: You can restrict both individual file and entire directory access on EFS Volumes.
When should you use EFS instead of EBS?
When you want multiple instances to share the same storage volumes
True/False: EFS can be used as the root volume for an EC2 instance.
What are the 2 broad ways that Lambda functions can be triggered?
1. Events from other AWS services
2. HTTP requests through API Gateway & API calls through AWS SDKs
What 4 languages are currently supported by Lambda?
How are the two broad ways that Lambda is priced?
1. Number of Requests
What is the maximum allowed duration time for a Lambda function?
True/False: Lambda is useful because it automatically scales vertically based on traffic.
True/False: Lambda is useful because it automatically scales horizontally based on traffic.
What AWS services have triggers that are currently by Lambda (12)?
1. API Gateway
2. AWS IoT
3. Alexa Skills Kit
4. Alexa Smart Home
6. CloudWatch Events
7. CloudWatch Logs
9. Cognito Sync Trigger
True/False: Lambda functions can trigger other Lambda functions.
What AWS service is used to do end-to-end debugging of application architectures?
True/False: Lambda functions are provisioned globally.
True/False: Lambda functions can access global resources.
What type of consistency does EFS offer?
Read after Write
What 2 types of hypervisors does EC2 support?
What does ECS stand for?
Elastic Container Service
True/False: You must use the ECS Agent if you want to use ECS.
How many bits is an IPv4 address?
How many bits is an IPv6 address?
What is a top level domain?
The last word in the domain name (i.e. .com, .edu, .gov)
What are the 12 different types of DNS records on Route 53?
1. SOA (Start of Authority)
2. NS (Name Server)
3. A (IPv4 Address)
4. CNAME (Canonical Name)
5. MX (Mail Server)
6. PTR (Pointer)
7. AAAA (IPv6 Address)
8. TXT (Text)
9. SRV (Service Locator)
10. SPF (Sender Policy Framework)
11. NAPTR (Name Authority Pointer)
12. CAA (Certification Authority Authorization)
True/False: A CNAME record can be used for a naked domain.
What is the name of the type of record unique to AWS that allows you to map a naked (or other) domain directly to an AWS service?
What does TTL stand for?
Time to Live
What does the TTL length specify?
The length of time that a DNS record is cached on either the Resolving Server or the user's local PC
What are the 6 types of routing offered by Route 53?
1. Simple Routing
2. Weighted Routing
3. Latency-Based Routing
4. Failover Routing
5. Geolocation Routing
6. Multivalue Answer Routing
When should you use a Simple Routing policy?
When you want to map your domain to a single resource.
When should you use a Weighted Routing policy?
When you want to send a certain percentage of requests to each of a set of resources.
When should you use a Latency Routing policy?
When you want your end user to use the lowest network latency available for a group of resources.
True/False: You must create a separate record set for each resource in a weighted routing policy.
True/False: You must create a separate record set for each resource in a latency-based routing policy.
When should you use a Failover Routing policy?
When you want to route to a resource (active), but have a backup (passive) in case of failure.
When should you use a Geolocation Routing policy?
When you want to send traffic to specific resources based on the geolocation of your end user.
When should you use a Geoproximity Routing policy?
When want to send traffic to specific resources based on the location of your end user and the location of your resources.
When should you use a Multivalue Answer Routing policy?
When you want to randomly respond with multiple addresses for a DNS query and select one randomly.
How many EIP's are allowed per region?
What does EIP stand for?
How many domain names are allowed per AWS account?
What are the 6 types of relational databases available on AWS?
1. Microsoft SQL Server
5. Amazon Aurora
What is the name of Amazon's Non-Relational Database offering?
What is the primary use-case for a Data Warehouse?
What does OLTP stand for?
Online Transaction Processing
What does OLAP stand for?
Online Analytics Processing
True/False: A relational database is an example of OLAP.
True/False: AWS Redshift is an example of OLAP.
What are the two engines supported by Elasticache?
What is the purpose of Elasticache?
It allows you to improve performance by retrieving information from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases.
What is Amazon's primary Data Warehouse solution?
True/False: RDS instances exist in a single AZ.
True/False: You are given an IP address for an RDS instance.
True/False: You are only given a DNS name for for an RDS instance.
True/False: For an EC2 instance to communicate with a database, you must create an inbound rule on the database for the security group that the EC2 instance is in.
True/False: Automatic backups are enabled by default on RDS.
True/False: AWS gives you backup storage space equal to the size of your database for free.
What are the 2 types of backups you can use for RDS?
1. Automated Backups
2. Database Snapshots
What is the minimum retention period for automated RDS backups?
What is the maximum retention period for automated RDS backups?
True/False: Storage I/O may be suspended while your RDS data is being backed up.
True/False: Automated backups are preserved after you delete the original RDS instance.
True/False: Database snapshots are preserved even after your delete the original RDS instance.
True/False: You can encrypt an existing RDS instance.
True/False: Encryption is supported for all RDS instances.
True/False: A Multi-AZ RDS deployment automatically syncs your database to backups in other AZ's.
True/False: AWS will automatically route traffic to the backup instance in a Multi-AZ RDS deployment if the primary was to fail.
True/False: RDS Read Replicas are used for Disaster Recovery.
True/False: Multi-AZ RDS deployments are used for increase performance and scaling.
What is the default number of read replicas available for an RDS database?
True/False: You can create Read Replicas of Multi-AZ source databases.
True/False: You can create a Multi-AZ read replica instance.
True/False: Read Replicas can be promoted to their own databases.
What type of replication is done for Read Replica databases?
What are the 4 types of RDS engines supported by Read Replicas?
4. Amazon Aurora
True/False: DynamoDB is stored on SSD storage.
True/False: DynamoDB is spread across 3 geographically distinct data centers.
What are the 2 types or Reads available for DynamoDB?
1. Eventual Consistent Reads (Default)
2. Strongly Consistent Reads
What is the default type or Reads on a DynamoDB instance?
Eventual Consistent Reads
What are the 3 parts of DynamoDB pricing?
1. Write Throughput
2. Read Throughput
What type of scaling is available on DynamoDB?
Push Button Scaling
What are the two types of nodes in a multi-node Redshift cluster?
1. Leader Node
2. Compute Node
What type of storage does Redshift use?
Columnar Data Storage
What is the advantage that allows columnar data to be more efficient in Redshift?
Columnar data can be compressed much more and more efficiently that row-based data.
How does Redshift's multi-node structure allow it to have extremely fast performance?
Massively Parallel Processing (MPP)
What are the 3 components of Redshift pricing?
1. Compute Node Hours
3. Data Transfer (across Regions)
What 2 types of encryption does Redshift use?
1. Encryption in Transit (SSL)
2. Encryption at Rest (AES-256)
True/False: Redshift supports Multi-AZ deployments.
True/False: Elasticache is a good solution to alleviate stress on a database if the database is very read heavy and not prone to frequent changing.
True/False: Redshift is a good solution to alleviate stress on a database if the database is being slowed down because of management running OLAP transactions.
True/False: Amazon Aurora can run on any cloud provider infrastructure.
True/False: Amazon Aurora is MySQL compatible.
What are the 2 types of replicas available for Amazon Aurora?
1. Aurora Replicas
2. MySQL Read Replicas
How many Aurora Replicas are allowed per Aurora instance?
How many MySQL Read Replicas are available per Aurora instance?
What does VPC stand for?
Virtual Private Cloud
How many AZ's are associated with a single subnet?
What is the max number of subnets you can create in a single VPC?
How many VPC's can you have per AWS account?
How many Internet Gateways can be attached to a VPC?
True/False: Every time a new subnet is created it is automatically associated with the main route table.
True/False: You can enable "automatically assign public ip address" for public subnets to automaticaly assign a public IP address to any EC2 instance created in that subnet.
True/False: Security Groups span VPC's.
What 3 things are automatically created when you create a new custom VPC?
1. A Single Route Table
2. A Single Security Group
3. A Single NACL
True/False: When creating a NAT instance, "Source/Destination Check" is automatically disabled on the instance.
True/False: NAT instances can be in a public or private subnet.
True/False: NAT instances must be in a public subnet.
True/False: In order to access a NAT instance from a private subnet, there must be a route out of the private subnet.
True/False: The amount of traffic that a NAT server can handle is directly related to the instance size.
True/False: You can provision NAT servers in an Autoscaling Group.
True/False: NAT Gateways scale automatically.
What is the maximum throughput for a NAT Gateway?
True/False: You must still update your route table in order to make use of a NAT Gateway from a private subnet.
True/False: You do not need to disable Source/Destination Checks on a NAT Gateway.
True/False: NAT Instances are more secure the NAT Gateways.
Between NAT Gateways and NAT instances, which one is associated with a Security Group?
What does NACL stand for?
Network Access Control List
How many NACL's per subnet?
True/False: Default NACL configuration for a new custom NACL is deny everything.
True/False: The Default NACL associated with a VPC allows all traffic.
True/False: You can block specific IP addresses with a NACL.
True/False: You can block specific IP addresses with a Security Group.
By what number should you implement NACL rules by?
True/False: Each subnet in your VPC must be associated with a NACL.
True/False: If a subnet is not explicitly associated with a NACL, it is automatically associated with the default NACL.
True/False: A subnet can be associated with multiple NACLs.
True/False: A NACL can be associated with multiple subnets.
True/False: NACL rules with the highest rule number are given precedence.
True/False: NACLs have separate inbound and outbound rules that can either allow or deny traffic.
True/False: NACLs are stateful.
True/False: NACLs are stateless.
True/False: you should allow ephemeral ports on your outbound NACL policies only.
True/False: NACLs operate at the instance level.
True/False: NACLs operate at the subnet level.
True/False: Security Groups operate at the instance level.
True/False: Security Groups operate at the subnet level.
True/False: Security Groups support allow rules only.
True/False: Security Groups are stateful.
True/False: Security Groups evaluate rules in numer order.
True/False: NACLs support deny rules only.
What 3 levels can VPC Flow Logs be created at?
3. Network Interface
True/False: You cannot change a Flow Log configuration after creating it.
True/False: All IP traffic is monitored by VPC Flow Logs.
What is the advantage of a Bastion host?
It allows you to only have to harden one single instance.
True/False: Bastion hosts can be made highly available by using autoscaling groups.
True/False: Bastion hosts are used to connect private instances to the internet.
True/False: Bastion hosts are used to securely administer private instances.
True/False: By default, instances in new subnets in a custom VPC can communicate with each other across AZ's.
What is the purpose of VPC End Points?
Allow connections from private subnets to other AWS services without use of a NAT Gateway / Instance.
What is the purpose of an Egress-Only Internet Gateway?
To allow IPv6 egress-only traffic from the VPC to the internet.
If an instance belonging to an Elastic Load Balancer fails its health check, what will the ELB do?
The ELB will de-register the instance and stop sending traffic to it.
You have a small database workloads with infrequent I/O. Which storage medium would the most cost-effective way to meet these requirements?
Amazon RDS Magnetic Storage
True/False: Amazon RDS can use the Cold Storage option.
You are working for a real estate company and you need to be able to record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions. Which AWS service should you use to achieve this?
In a Multi-AZ RDS instance, are backups taken from the primary or standby instance?
Do Multi-AZ RDS deployments do synchronous or asynchronous replication?
Are subnets created automatically when you create a new VPC?
What is AWS OpsWorks?
A configuration management service that provides managed instances of Chef and Puppet.
What does AWS WAF (Web Application Firewall) do?
Gives you control over which traffic to allow or block to your web applications by defining customizable web security rules
What is Amazon Macie?
A security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
What is AWS Shield?
A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
What three types of metrics does CloudWatch report automatically for EC2?
What is the maximum number of EC2 instances you can launch into a single VPC at one time without requesting an increase?
How long can a message be retained in an SQS queue?
What are the two services that you can forward Flow Logs to?
Which 3 AWS services allow you to run Docker containers natively?
3. Elastic Beanstalk
What 5 things does AWS TrustedAdvisor check?
1. Cost Optimization
3. Fault Tolerance
5. Service Limits
In what 2 ways can roles be granted to Docker containers on AWS?
1. Role granted to an ECS Task
2. Role granted to ECS Container Instances
What is the prefix for AWS-specific headers on PUT requests for S3 buckets?
What 3 things can you do with AWS Organizations?
1. Create groups of accounts
2. Automate account creation
3. Apply and manage policies for those groups
What are the two types of keys that can be used for a DynamoDB table?
1. Partition Key (required)
2. Sort Key
What type of disk does DynamoDB use to store data under the hood?
True/False: DynamoDB stores data partitioned across a number of nodes.
What does SQS stand for?
Simple Queue Service
Is SQS a "push-based" or "pull-based" system?
What are the two types of queues available in SQS?
1. Standard Queues (default)
2. FIFO Queues (first-in-first-out)
What is the shortest amount of time that a message can be retained in an SQS queue?
What is the longest amount of time a message can be retained in an SQS queue?
What is the default amount of time that a message is retained in an SQS queue?
True/False: SQS guarantees your messages will be processed at least once.
What is the Visibility Timeout in an SQS queue?
The amount of time that the message is invisible to other consumers after one consumer picks up the message.
What is the default Visibility Timeout length in SQS?
What is the maximum length of time the Visibility Timeout of an SQS queue can be set to?
What is the size of SQS messages?
What are the two types of polling that can be done on an SQS queue?
1. Short Polling (default)
2. Long Polling
Which type of SQS polling can save you money?
What is the difference between Long Polling and Short Polling for SQS?
Short polling returns immediately even if the SQS queue is empty. Long Polling does not return until a message arrives in the queue or the long poll times out.
What does Amazon SWF stand for?
Simple Work Flow
What are the 3 types of actors in Amazon SWF?
What is the name of the entity that workflow activities and execution are scoped to in Amazon SWF?
What is the maximum length for a workflow in Amazon SWF?
What is the main difference between SQS and SWF?
SWF ensures that a task is assigned only once and is never duplicated.
True/False: If human interaction is required, you should always use SWF instead of SQS.
What does Amazon SNS stand for?
Simple Notification Service
Is SNS "pull-based" or "push-based"?
What is the SNS entity that allows you to group multiple recipients?
True/False: A single SNS topic can support multiple delivery types.
What is the purpose of AWS Elastic Transcoder?
To convert media files from their original source format into other formats.
What does API Gateway allow you to do in order to improve latency on requests to your API?
What feature of API Gateway allows you to prevent malicious attacks?
What type of data is Amazon Kinesis meant to consume?
What are the 3 core services of Amazon Kinesis?
1. Kinesis Streams
2. Kinesis Firehouse
3. Kinesis Analytics
Which Kinesis service makes use of Shards?
True/False: EBS volumes can be detached and reattached to another instance.
What are the two components of pricing for Elastic Transcoder?
1. Minutes you transcode
2. Resolution you transcode at
Can you find the public IP address of an instance in the user-data or the meta-data?
What are the 2 feature sets available for AWS Organizations?
1. Consolidated Billing
2. All Features
What are Organization Units (OUs) in AWS Organizations?
Groups of AWS accounts that fall under a common business unit.
True/False: AWS Organizations allows you to apply policies to both Organizational Units and AWS Accounts.
What is the purpose of Consolidated Billing?
It allows you to pay for multiple linked AWS accounts via one Root account.
How many linked accounts can you have connected to your Root account in AWS Organizations?
True/False: Consolidated Billing allows you to centralize your payments for multiple AWS accounts, but it does not save you more money than you would paying for each account individually.
True/False: You should deploy resources into your Root account for AWS Organizations.
True/False: When monitoring is enabled on the Root account in AWS Organizations, the billing data for all linked accounts is included.
True/False: CloudTrail works across all linked accounts in AWS Organizations.
False, you must enable individually, then manually combine logs.
What does AWS Cross Account Access allow you to do?
Switch between IAM users for different AWS accounts in the management console without having to login to each separately every time.
What are key-value pairs that describe metadata about AWS resources called?
True/False: Some AWS services can automatically create tags on AWS resources.
What is a Resource Group?
A grouping of resources based on the tags assigned to them.
What are the 2 types of Resource Groups on AWS?
1. Classic Resource Groups (global)
2. AWS Systems Manager (regional)
What is VPC Peering?
A connection between two VPCs that allows you to route traffic between them using private IP addresses.
True/False: VPC Peering can only be done within a single Region.
True/False: You can do VPC Peering with VPCs in another AWS account.
True/False: There is no single point of failure or bottleneck when you peer VPCs.
True/False: You can peer two VPCs that have the same or overlapping private CIDR block.
True/False: Transitive peering is not allowed between multiple VPCs.
What is AWS Direct Connect?
A dedicated network connection between your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
What is the difference between a VPN and AWS Direct Connect?
A VPN is used for immediate, low-bandwidth requirement connections, while Direct Connect provides private network connections that do not use the internet.
True/False: AWS Direct Connect involves using physical fiber to connect your datacenter to an AWS Direct Connect facility.
What are the 3 levels of Direct Connections you can get?
1. 10 Gbps
2. 1 Gbps
3. < 1 Gbps
What does AWS STS stand for?
Security Token Service
What is the purpose of AWS STS?
Granting users limited and temporary access to AWS resources.
What are the 3 sources where users may come from in AWS STS?
1. Federation (e.g. Active Directory)
2. Mobile App Federation
3. Cross Account Access
What does Federation refer to?
Combining a list of users in one domain with a list of users in another domain.
What are examples of common Identity Stores?
Active Directory, Facebook, Google
What is an Identity Broker?
A service which takes a user from point A and associates it to a user at point B.
True/False: The Identity Broker must always authenticate with the other Identity Store before authenticating with AWS STS.
What is Amazon WorkSpaces?
A cloud-based replacement for a traditional desktop (basically a VDI).
True/False: WorkSpaces users are given local administrator access by default.
True/False: WorkSpaces are persistent.
True/False: You need an AWS account to login to WorkSpaces.
What does AWS ECS stand for?
Elastic Container Service
True/False: ECS is a regional service.
What does Amazon ECR stand for?
EC2 Container Registry
What is a Task Definition in AWS ECS?
A text file in JSON format that describes one or more containers that form your application.
What are the two entities to which IAM roles can be assigned to in ECS?
1. Task Definition
2. ECS Container Instances (EC2)
What is an AWS ECS cluster?
A logical group of container instances that you can place tasks on.
True/False: ECS clusters are region-specific.
True/False: ECS Container Instances can only be part of one cluster at a time.
What are the two types of schedulers available for AWS ECS?
1. Service Scheduler
2. Custom Scheduler
What is the purpose of the ECS Container Agent?
It allows container instances to connect with your cluster.
True/False: ECS Container Agent is available on Windows instances.
True/False: You can access and configure the OS of the EC2 instances in your ECS cluster.
YOU MIGHT ALSO LIKE...
AWS - 1.2 - 20170728
AWS Solutions Architect Associates A Cloud Guru
AWS Selected Questions
AWS Solutions Architect 2018