AWS Cloud for Philippine Supreme Court

Questions and Answers

How do you associate an Elastic IP address with an EC2 instance in the AWS console?

• Navigate to the EC2 console, select Network & Security, Network Interfaces, choose the Elastic IP, click Actions, then click Associate Elastic IP Address.
• Navigate to the EC2 console, select Network & Security, Network Interfaces, choose the instance, click Actions, then click Associate Elastic IP Address.
• Navigate to the EC2 console, select Network & Security, Elastic IPs, choose the instance, click Actions, then click Associate Elastic IP Address.
• Navigate to the EC2 console, select Network & Security, Elastic IPs, choose the Elastic IP, click Actions, then click Associate Elastic IP Address. (correct)

What is the purpose of a Secondary Network Interface in AWS?

• To provide an alternative path for traffic to reach the instance if the primary network interface fails.
• To increase the bandwidth available to the instance.
• To enable the instance to communicate with multiple subnets within the VPC.
• All of the above. (correct)

What is the order of steps involved in configuring Application Migration Service for agentless on-premise VM migration?

• VM Discovery, Download of VM VDDK, Configuring Custom-Launch Template, Configuring Default Replication Template, Start VM Replication using Agentless.
• Configuring Default Replication Template, Configuring Custom-Launch Template, Download of VM VDDK, VM Discovery, Start VM Replication using Agentless.
• Download of VM VDDK, VM Discovery, Configuring Default Replication Template, Configuring Custom-Launch Template, Start VM Replication using Agentless. (correct)
• Download of VM VDDK, Configuring Default Replication Template, Configuring Custom-Launch Template, VM Discovery, Start VM Replication using Agentless.

What is the difference between Pre-Cut-over and Final Cut-over in Application Migration Service?

Pre-Cut-over prepares the target environment for the migration, while Final Cut-over completes the migration by stopping replication on the source and starting the migrated instance. (A)

What is the primary purpose of AWS Disaster Recovery Service?

To provide a mechanism for replicating and recovering data in case of a disaster. (D)

What is the main benefit of using agentless migration in Application Migration Service?

Both A and B. (C)

What is the purpose of installing the DR agent on a virtual machine in AWS Disaster Recovery Service?

All of the above. (D)

What are the required permissions to install the DR agent on a Linux server?

Both B and C. (A)

What are the key components involved in creating a public hosted zone using Route 53?

Creating a hosted zone, defining records, configuring CloudFront (B)

Which service is used to monitor potential website defacement?

CloudWatch (B)

When setting up an Application Load Balancer for an EC2 workload, what is the first step?

Launch EC2 instances with the webserver (A)

What is the primary use of Content Security Policy (CSP) in the context of CloudFront?

Protecting against cross-site scripting attacks (A)

What is the purpose of specifying glue records when adding or changing name servers and glue records for a domain registered with Route 53?

To resolve private IP addresses within your VPC (D)

What is NOT a step involved in setting up an Application Load Balancer for an EC2 workload?

Launching an EC2 instance (B)

What service can be used for migrating existing applications to AWS?

AWS Application Migration Service (A)

What is the main purpose of setting up a VPC when configuring an Application Load Balancer for an EC2 workload?

To provide a secure and isolated network environment (B)

How can you create a new AMI (Amazon Machine Image) based on an existing EC2 instance?

By using the 'Create Image' option in the EC2 console (A), By making a snapshot of the instance's root volume (B)

To connect to an EC2 instance via SSH, which of the following is required?

An AWS Key Pair (A), A secure shell client like PuTTY (C)

What is the purpose of the Application Migration Service?

To migrate applications from on-premises to AWS without downtime. (D)

What is the primary purpose of VPC Peering?

To connect a virtual private cloud to another VPC. (B)

What is the recommended approach to deploying new VPC subnets and route tables?

All of the above are valid, but the best approach depends on your specific needs. (D)

Which of the following AWS services is used to protect against web-based attacks like SQL injection and cross-site scripting?

WAF (C)

In the context of Disaster Recovery Service (DRS), what is the primary purpose of creating a custom launch template?

To define the size and type of the EC2 instance that will be used for recovery. (A)

What is the purpose of the ‘Replication Template’ in the context of Application Migration Service?

To define the frequency and method the data will be replicated. (C)

Which of the following options is not a step involved in the final cut-over phase during application migration using Application Migration Service?

Disconnecting the on-premises workload from the network. (A)

How can you configure a VPC Peering connection between two VPCs?

Through the VPC console in AWS. (A)

What is the main purpose of creating a Target Group for an EC2 instance?

To group multiple instances for load balancing. (B)

What is the purpose of the Amazon Machine Image (AMI)?

To store the operating system and software for an EC2 instance. (C)

What is the role of an Elastic IP Address in AWS?

To provide a static IP address for an EC2 instance. (B)

Which of the following is not a step involved in configuring Site-to-Site VPN?

Deploying a new S3 bucket in AWS. (B)

Which of the following is not a method for provisioning EC2 instances in AWS?

Install (D)

Which of the following AWS services is used to monitor EC2 instances and other resources in AWS?

CloudWatch (B)

Flashcards

Elastic IP Address

A static IP address designed for dynamic cloud computing in AWS.

Attach Elastic IP Address

Process of linking an Elastic IP to an instance or network interface.

Detach Elastic IP Address

Process of unlinking an Elastic IP from its associated instance or network interface.

Add Secondary Network Interface

Create an additional network interface for an EC2 instance to enhance network connectivity.

Application Migration Service

A service to migrate applications from on-premises to AWS with minimal downtime.

Agentless VM Replication

A technique that avoids installing software agents to replicate virtual machines.

Disaster Recovery (DR) Agent

A tool installed on VMs to facilitate recovery in case of a disaster.

Root privileges for DR Agent

Administrative rights needed to install the DR Agent on Linux servers.

CloudFront

A content delivery network service from AWS that speeds up the distribution of content to users.

Content Security Policy

A security measure that helps prevent attacks such as Cross Site Scripting (XSS) by specifying allowed content sources.

Caching

The process of storing copies of files or data in temporary storage for quicker access.

HTTP Headers

Included in HTTP requests and responses to provide additional information about the request or response.

Route 53

AWS's scalable domain name system (DNS) web service that provides DNS routing.

Creating Hosted Zone

The process of setting up a domain name within Route 53 to manage DNS records.

Application Load Balancer

A service that automatically distributes incoming application traffic across multiple targets, like EC2 instances.

EC2 Workload Setup

Configuring application services on Amazon EC2 instances to run applications effectively.

AWS Control Tower

A management tool for AWS account setup and governance.

VPC

Virtual Private Cloud, a private, isolated section of AWS Cloud.

EC2 Instances

Virtual servers in AWS to run applications.

AMI

Amazon Machine Image, a template for launching EC2 instances.

Snapshot

A backup of the volume at a specific point in time.

Security Groups

Virtual firewalls that control traffic to EC2 instances.

SSH

Secure Shell, a protocol for securely accessing servers remotely.

CloudFormation

A service for modeling and setting up AWS resources automatically.

WAF

Web Application Firewall, protects web applications from attacks.

CloudWatch

Monitoring service for AWS that provides data about resource usage.

Disaster Recovery Service

A service for recovering from failures or disasters in AWS.

Hosted Zone

Container for DNS records for a domain in Route 53.

Study Notes

AWS Quick Reference Guide for the Supreme Court of the Philippines

• This guide provides a reference for using AWS cloud computing services, implemented during the Supreme Court cloud migration project.
• The purpose of the document is to help users navigate and utilize AWS services effectively.

Document Control

• Each update to the document is tracked to maintain consistency.
• A minor change gets a numerical increment of 0.01 or higher.
• A major change will increment the version number (e.g., 2.0).
• A revision log is included detailing each change's date, owner, and remarks.

Reviewers

• A list of stakeholders who will review the document is included.
• Roles, such as Project Manager, Technical Manager, and Judicial Staff Officer, are mentioned.

AWS Infrastructure Diagram

• The document includes diagrams illustrating the network architecture of the project. Networks include:
  • Main Non-Production VPC (10.200.0.0/18) with public and private subnets.
  • DR Production VPC (10.202.0.0/16).
  • Cloud resources such as IAM, CloudWatch, Budget, Cost Explorer, Load Balancers and other components.
  • Interconnections, such as a site-to-site VPN, are noted.
• The diagrams show the relationships among various AWS services and components

AWS Organizational Structure

• This section describes the AWS organizational structure, including the different Account types (Master Account, AWS Control Tower, Log Archive Account, Security OU, etc.).

AWS Services - VPC

• VPC Networking Diagram: details deployment of new VPC subnets, route tables, configuring VPC Peering and configuring site-to-site VPN
• Access Management via centralized Control Tower
• Audit and Logging

AWS Services - EC2

• Provisioning of EC2 Instances: launching, stopping, and terminating instances are described
• Creation of AMIs: method of creating an AMI from an existing instance is explained
• Creation of Snapshots: detailed steps for creating and managing snapshots
• Creating, Attaching , Resizing and detaching volumes
• Other EC2 Configurations: include details about security groups, and managing of AWS Key Pairs
• Configuring EC2 Instances

AWS Services - Other Services/Configurations

• Configuring VPC Peering
• Configuring Site-to-Site VPN
• Creating a target group.
• Creation of Elastic IP Addresses
• Adding Secondary Network Interfaces
• Application Migration Service (including configuration and agentless migration)
• Disaster Recovery Service including installation procedures, and replication setup
• WAF and CloudFront (content security and caching) configuration
• Working with Route53 resources such as creating hosted zones, adding records and managing DNS
• Managing AWS Keypairs
• Configuring Security Groups

Document Details

• Page numbers, included for each page.
• Individual instructions and steps for each AWS service.

Other Configurations

• Detailed instructions on how to create, manage, and use AWS services, with numbered steps for each task.