AWS Whizlabs 4

VPC Gateway Endpoint
- What services is it used to reach?
- Does it use DNS?
- Does it use route tables?
Terms in this set (43)
Which 3 options prevent accidental deletion of S3 bucket objects?
    1. Enable MFA Delete on the bucket (only the root user can turn it on; deleting a version or changing the versioning state then requires the MFA code)
    2. Enable Versioning on the bucket (a DELETE only adds a delete marker; the object version is still recoverable)
    3. Use IAM roles/policies to restrict who can delete from the bucket

Monitoring, auditing, and alerting for key metrics and events are best practices of the ___ pillar (Well-Architected Framework)
    Security

Redshift cluster snapshots
    Point-in-time backups of a cluster, stored in S3

2 types of Redshift cluster snapshots?
    1. Automated
    2. Manual

Redshift automated snapshots
- Retention period?
- Cost?
    Retention: 1-35 days (default 1 day); removed when the cluster is deleted
    Cost: free up to the cluster's provisioned storage size; only snapshot storage beyond that is billed

Redshift manual snapshots
- Retention period?
- Cost?
    Retention: indefinite by default, and they survive cluster deletion; a retention period can be set when the snapshot is taken or changed afterward
    Cost: billed at backup storage rates

Best way to minimize costs incurred by a cluster?
    Delete manual snapshots you no longer need; they keep accruing storage charges even after the cluster is gone

Integrate ___ with AWS Lambda functions so that customers can call those functions over HTTPS
    API Gateway

DynamoDB, RDS, Redshift
- Which is serverless?
- Which is not?
    Serverless: DynamoDB
    Provisioned (you size and pay for instances/nodes): RDS, Redshift (Aurora Serverless and Redshift Serverless are separate offerings)

Glacier Vault Lock
    A Glacier feature for deploying and enforcing compliance controls on individual S3 Glacier vaults through a vault lock policy; once the policy is locked it cannot be changed or removed (WORM at the vault level)

Bastion host
    A dedicated, hardened server (typically in a public subnet) that administrators SSH INTO in order to reach backend servers in a private subnet; lock its security group down to known admin source IPs

All IPv4 addresses
    0.0.0.0/0

ENI vs ENA vs EFA
    ENI < ENA < EFA (capability)
    ENI: a basic virtual network card; fine for management networks and low-budget setups
    ENA: enhanced networking (higher bandwidth, lower latency), but no OS-bypass for HPC
    EFA: ENA plus OS-bypass (MPI/NCCL) for tightly coupled HPC and ML workloads

2 possible ways to ensure EC2 instances launched by an Auto Scaling group have the software pre-installed?
    1. User data: put the install script in the launch configuration/template so it runs at first boot
    2. Bake the software into a custom AMI and reference that AMI in the launch configuration (or launch template)

S3 Cross-Region Replication
- Object or bucket level?
- Sync or async?
    CRR is a bucket-level configuration (versioning must be enabled on both buckets) that automatically and asynchronously copies objects to a bucket in another AWS Region

2 types of actions in S3 bucket lifecycle policy rules
    1. Transition actions (e.g. move objects to Standard-IA after 30 days)
    2. Expiration actions (S3 deletes expired objects for you)

CloudTrail log file integrity validation
    Determines whether a log file was modified, deleted, or left unchanged after CloudTrail delivered it. CloudTrail writes an hourly digest file that lists the SHA-256 hash of each delivered log file and the hash of the previous digest, and signs each digest with SHA-256 with RSA. That makes it computationally infeasible to modify, delete, or forge log files without detection. Check a trail with the CloudTrail validate-logs CLI command.

2 best services to monitor a Redshift cluster's performance and keep it as efficient as possible?
    1. CloudWatch
    2. Trusted Advisor

___ checks and analyzes your AWS environment, then recommends actions to follow best practices in:
- cost optimization
- performance
- security
- fault tolerance
- service limits
    AWS Trusted Advisor

CloudFront query string forwarding
- What does it do?
- Which 2 rules must query string parameters follow?
    When enabled, CloudFront includes the query string (all parameters, or a whitelist of them) in the cache key and forwards it to the origin, so each distinct query string is cached as a separate object
    1. Separate parameters with &
    2. Use the same case for parameter names and values every time (cache keys are case-sensitive; ?Color=red and ?color=red are cached twice)
    Keeping parameters in the same order avoids the same cache fragmentation.

Kinesis Data Streams
- Retention period range?
- Default retention period?
    24 hours to 365 days; default 24 hours

SQS polling
- What is short polling?
- What is long polling?
- What portion of the servers is queried?
- When is a response sent to a ReceiveMessage request?
    Short polling (WaitTimeSeconds = 0):
    - queries only a subset of the SQS servers
    - responds right away, even if no messages were found (so a response can be empty while messages exist)
    Long polling (WaitTimeSeconds 1-20):
    - queries all the SQS servers
    - responds only once AT LEAST ONE message is available, or the wait time expires

Benefits of long polling in SQS?
    1. Fewer empty responses (both when the queue is empty and the false empties short polling produces)
    2. Messages are returned as soon as they become available
    3. Lower cost (fewer ReceiveMessage calls)

SQS visibility timeout
- Possible range? (default?)
- Benefits?
    After a consumer receives a message it stays in the queue but is invisible to other consumers for the visibility timeout; the consumer must delete it before the timeout expires, otherwise it becomes visible again and is delivered at least once more
    Range: 0 seconds to 12 hours (default 30 seconds); extend it for long-running work with ChangeMessageVisibility

AWS CloudHSM
    A cloud-based, single-tenant hardware security module (FIPS 140-2 Level 3 validated) that lets you generate, store, and use your own encryption keys on the AWS Cloud; you control the keys and AWS has no access to them (unlike KMS, which is multi-tenant and AWS-managed)

___ routing policy is good for testing new versions of software (e.g. blue-green deployment)
    Weighted (Route 53)

An application that needs to put records into an ENCRYPTED Kinesis Data Stream needs ___
    Permission to use the KMS key that encrypts the stream, granted in two places:
    1. The application's IAM role: kms:GenerateDataKey on the key for producers (kms:Decrypt for consumers); this is the "key user" role in the KMS console
    2. The KMS key policy: must allow that role, either directly or by delegating to IAM policies for the account

___ lets DynamoDB automatically increase its write capacity for a temporary spike and decrease the throughput after the spike
    DynamoDB Auto Scaling

___ are a great way to categorize your AWS resources, such as by purpose, owner, or environment
- What do they consist of?
    Tags; each is a key and an optional value that you define

Which CloudWatch metric tells you an SQS queue's length?
    ApproximateNumberOfMessagesVisible

How to enforce the WORM model on objects stored in an S3 bucket?
    Enable S3 Object Lock when creating the bucket (requires versioning), then apply a retention period (governance or compliance mode) or a legal hold to the objects

Each object in an S3 bucket can have a different ___
    storage class

If you have infrequently accessed data that must be available within milliseconds at low cost, should you choose Glacier or One Zone-IA?
    One Zone-IA (Glacier Flexible Retrieval and Deep Archive take minutes to hours to restore; only S3 Glacier Instant Retrieval offers millisecond access). One Zone-IA keeps data in a single AZ, so use it only for data you can recreate.