AWS Cost and Security Overview

Questions and Answers

Which service allows organizations to create and manage catalogs of IT services approved for use on AWS?

• AWS Organizations
• AWS CloudFormation
• AWS Resource Explorer
• AWS Service Catalog (correct)

What is a primary function of AWS Service Catalog in relation to IaC templates?

• Central management and governance of IaC templates (correct)
• Backup and recovery of IaC templates
• Creation of runtime environments for IaC templates
• Automatic generation of IaC templates

Which of the following best describes the compliance capabilities of AWS Service Catalog?

• It does not support compliance management.
• It ensures compliance requirements are met while managing cloud resource deployments. (correct)
• It allows for manual compliance audits only.
• It provides automatic compliance checking only at deployment.

Which AWS service is designed for account management across multiple AWS accounts?

AWS Organizations (D)

In which format are Infrastructure as Code (IaC) templates commonly written to be used with AWS Service Catalog?

CloudFormation and Terraform (C)

What is the primary function of Amazon Inspector?

To detect security vulnerabilities in applications (A)

Which of the following best describes Amazon Inspector's scanning capabilities?

Scans for software vulnerabilities and network exposure (C)

What does Amazon Inspector produce after completing an assessment?

A detailed list of security findings prioritized by severity (C)

In which environment does Amazon Inspector primarily operate?

Cloud environments on AWS (A)

Which aspect of security is NOT a focus of Amazon Inspector?

Managing user access controls (C)

How does Amazon Inspector enhance security for AWS applications?

By providing automated vulnerability assessments (D)

What is a significant benefit of using Amazon Inspector?

It identifies security vulnerabilities and compliance deviations (C)

What does Amazon Inspector prioritize in its findings?

Severity of the security issues (A)

Which type of deployment does Amazon Inspector assess?

Infrastructure that does not adhere to best practices (C)

What is AWS Fargate primarily used for?

Running containers without managing infrastructure (D)

Which of the following tasks does AWS Fargate simplify?

Cluster management and task scheduling (C)

How does AWS Fargate affect billing for resources?

You specify and pay for resources per application (D)

Which of the following statements about AWS Fargate is true?

It allows users to focus on deploying and managing containers. (D)

What advantage does AWS Fargate provide regarding scalability?

It handles scaling automatically without user input. (C)

Why might companies choose AWS Fargate over traditional EC2 instances for container management?

It simplifies container management by abstracting infrastructure complexities. (A)

What infrastructure management tasks does AWS Fargate take care of?

Cluster management and environment maintenance (A)

Which feature does AWS Fargate NOT provide?

Direct control over the underlying EC2 instances (B)

In which situation is AWS Fargate most beneficial?

For rapidly deploying applications without managing servers. (A)

What type of service is AWS Fargate categorized as?

Serverless Compute Service (C)

What is one of the activities related to a Snowball Edge device that incurs no cost for the company?

The transfer of data from the Snowball Edge appliance into Amazon S3 (C)

Which of the following options is not a cost-free action when using an Amazon Snowball Edge device?

Use of the Snowball Edge appliance after the first 10-day period (C)

How long can a company use the Snowball Edge appliance at no cost?

10 days (A)

Which action related to the Snowball Edge device would typically involve a fee?

Transferring data from the Snowball Edge appliance back to on-premises (C)

Which of the following correctly describes the transfer of data out of Amazon S3?

It incurs a cost based on the amount of data transferred (D)

What is the main purpose of using an Amazon Snowball Edge device for a company?

To transfer large volumes of data to the AWS Cloud efficiently (B)

What may be a consideration for a company when using the Snowball Edge appliance for longer than the specified free period?

Incurring additional costs for extended use (D)

What is the primary function of AWS Storage Gateway?

To connect on-premises applications with cloud-based storage (C)

Which of the following best describes the file gateway in AWS Storage Gateway?

It interfaces directly with Amazon S3 (D)

What is a key benefit of using an AWS Storage Gateway file gateway?

It allows users to access files as if they were stored locally (D)

How does AWS Storage Gateway enhance administration and scalability?

By reducing the need for user-specific configurations (A)

Which statement accurately reflects the performance characteristics of AWS Storage Gateway?

It provides low-latency access while maintaining local performance (D)

Why is it advantageous to connect user workstations to an AWS Storage Gateway file gateway?

It extends on-premises file storage to the cloud seamlessly (D)

What is a major operational aspect of utilizing AWS Storage Gateway?

Management of multiple S3 buckets can be avoided (B)

What kind of applications does AWS Storage Gateway primarily connect?

On-premises applications (B)

In addition to file access, what is another core function of an AWS Storage Gateway file gateway?

It offers centralized management of storage (A)

Which of the following is true regarding the S3 integration of AWS Storage Gateway?

It provides a bridge between cloud storage and local file systems (C)

Flashcards

Amazon Snowball Edge

Amazon Snowball Edge is a physical device used for transferring large amounts of data to and from AWS. It's a cost-effective option for transferring large datasets, especially when bandwidth is limited or the data is geographically dispersed.

Transferring data from Snowball Edge to S3

You can transfer data from the Snowball Edge appliance into Amazon S3 (Simple Storage Service) at no cost. This is part of the standard service offering for Snowball Edge.

Transferring data from S3 to Snowball Edge

Transferring data out of Amazon S3 and to the Snowball Edge appliance is a chargeable service. This means you will be charged for data transfer costs when moving data from S3 to the Snowball Edge device.

Free Trial Period for Snowball Edge

The initial use of a Snowball Edge appliance is free for a 10-day period. This gives you time to prepare and transfer your data.

Daily Usage Charges for Snowball Edge

After the initial 10-day period, you'll be charged for continued daily use of the Snowball Edge appliance. This is a recurring cost for extended data transfer needs.

Free Usage of Snowball Edge

Using the Snowball Edge appliance for the initial 10-day period is typically part of the service. You don't need to pay extra for this time.

Purpose of Snowball Edge

The Snowball Edge appliance is designed for large-scale data transfers. It is not meant for small-scale or everyday use.

What is AWS Storage Gateway?

AWS Storage Gateway is a hybrid storage service that allows you to seamlessly connect on-premises applications to cloud-based storage, specifically Amazon S3. It provides low latency access to your data stored on S3 while maintaining local access benefits.

What is a File Gateway within AWS Storage Gateway?

A file gateway is an interface within AWS Storage Gateway that enables users to access their data stored on S3 like they are accessing local files. This provides ease of use and allows for faster access compared to directly accessing S3.

How do you use AWS Storage Gateway in a traditional office setting?

You can configure and deploy an AWS Storage Gateway file gateway and connect each user's workstation to it. This allows users to access data on S3 as if it were stored locally. The file gateway acts as an intermediary between your local environment and S3.

How does AWS Storage Gateway simplify storage management?

AWS Storage Gateway simplifies data management and scalability by centralizing storage access. Instead of individual S3 buckets for each user, a single gateway handles access, reducing administrative overhead and simplifying scaling requirements.

What are the benefits of using AWS Storage Gateway for data access?

AWS Storage Gateway helps maintain low latency access to data stored on S3, ensuring fast retrieval and responsiveness. This makes it suitable for applications and users that need immediate access to their data.

What is Amazon Inspector?

Amazon Inspector is a cloud-based service that automatically identifies security vulnerabilities in applications and infrastructure on AWS.

What does Amazon Inspector scan?

Amazon Inspector scans for vulnerabilities in applications running on Amazon EC2 instances and infrastructure deployments.

What can Amazon Inspector find?

Amazon Inspector can identify vulnerabilities and non-compliant infrastructure deployments.

How does Amazon Inspector improve security?

Amazon Inspector helps improve the security and compliance of applications deployed on AWS.

What does Amazon Inspector report?

Amazon Inspector produces a detailed list of security findings prioritized by severity level.

What is Trusted Advisor?

Trusted Advisor is an AWS service designed to help you improve the performance, security, and cost-efficiency of your AWS deployments.

How does Trusted Advisor help?

Trusted Advisor can help you improve deployment best practices.

How does Trusted Advisor differ from Amazon Inspector?

Trusted Advisor is focused on improving deployment best practices, while Amazon Inspector focuses on identifying vulnerabilities.

What are the main uses of Amazon Inspector?

Amazon Inspector can be used to scan for software vulnerabilities and unintended network exposure.

What is AWS Fargate?

AWS Fargate is a serverless compute engine for containers that lets you run them without managing the underlying infrastructure. It simplifies managing clusters, scheduling tasks, and handling environment maintenance for containerized applications.

What does Fargate manage?

With AWS Fargate, you only need to focus on your containers and applications, and AWS takes care of the underlying infrastructure.

How does Fargate compare to managing Docker on EC2?

AWS Fargate is a suitable alternative to managing Docker environments on EC2 instances. It simplifies container management by abstracting away the complexities of infrastructure management.

What are the benefits of using Fargate?

By abstracting server management, AWS Fargate allows you to focus on container deployment and application management, leading to faster development cycles and improved productivity for developers.

How is Fargate billed?

You can specify and pay for resources per application, improving efficiency and scalability. This means you only pay for what you use, making it more cost-effective than managing your own servers.

What is Fargate built on?

Fargate is a service built on top of Amazon Elastic Container Service (ECS), providing a way to run containers without needing to manage ECS clusters directly.

What does Fargate eliminate?

Fargate eliminates the need to manage and maintain virtual machines (VMs) or servers, freeing up your time and resources to focus on other aspects of your application.

Is Fargate a managed service?

AWS Fargate is a managed service, which means that AWS takes care of the infrastructure, security, scaling, and maintenance. This allows you to focus on your applications and deployments.

What types of applications is Fargate suitable for?

Fargate is suitable for various applications, including web applications, microservices, and data processing workloads. It can handle a wide range of containerized applications with varying resource requirements.

Does Fargate support automatic scaling?

Fargate enables automatic scaling, meaning it automatically adjusts the resources allocated to your containers based on demand. This ensures that your applications have the resources they need, regardless of the traffic.

What is AWS Service Catalog?

AWS Service Catalog is a service used to create, share, organize, and manage infrastructure-as-code templates (IaC) for AWS resources. It enforces compliance by allowing administrators to control access to services and ensure deployments follow organizational policies.

How does AWS Service Catalog help manage IaC templates?

With AWS Service Catalog, administrators can create a centralized, curated collection of IaC templates (written using tools like CloudFormation or Terraform) which define the resources and configurations to be deployed. This ensures consistent and compliant deployments throughout the organization.

What are the benefits of using AWS Service Catalog for IaC management?

By creating a 'catalog' of approved IaC templates, AWS Service Catalog provides a controlled way to manage the deployment of AWS resources. It helps ensure these resources are consistently provisioned, secured, and meet organizational compliance standards.

How does AWS Service Catalog help promote compliance?

AWS Service Catalog simplifies compliance by allowing administrators to control who has access to certain services and templates. This ensures that only approved resources are deployed and helps prevent unauthorized configurations.

How does AWS Service Catalog help automate deployments?

AWS Service Catalog helps automate the deployment process for approved services, allowing users to automatically provision and configure resources quickly and efficiently. This speeds up the deployment cycle and reduces the risk of errors.

Study Notes

Snowball Edge Device Cost Considerations

• Transferring data from the Snowball Edge device to Amazon S3 is free.
• Using the device for up to ten days is not free
• Transferring data out of Amazon S3 to the Snowball Edge device is not free

AWS Services for Security and Compliance

• Amazon Inspector: An automated vulnerability management service that scans AWS resources for vulnerabilities and deviations from best practices.
• AWS Storage Gateway: Connects on-premises applications to Amazon S3 storage.
  • Includes a file gateway.
  • Enables consistent access to data, simplifying administration.
  • Lowers latency while retaining local access performance
• AWS Fargate: A serverless compute engine for containers, abstracting infrastructure management from the user.
• AWS Service Catalog: Facilitates centralized management and governance of IT services, including infrastructure as code (IaC) templates.
  • Allows for control of access, ensuring compliance, and managing deployed services.
• AWS Resource Explorer: Aids in exploring and querying AWS resources.
• AWS Organizations: Consolidates multiple AWS accounts into a single organization for centralized management.
• AWS Systems Manager: Manages AWS infrastructure at scale, useful for operational tasks but not specifically for governance of infrastructure as code.