AWS Services and Architecture Principles

Questions and Answers

Which feature of AWS IAM allows developers to programmatically access AWS services?

• SSH keys
• Access keys (correct)
• API keys
• User names/Passwords

What is the primary purpose of Amazon S3?

• To provide virtual machines on demand
• To manage relational databases
• To offer scalable object storage (correct)
• To facilitate message queuing

What is the maximum size of an object that can be stored in Amazon S3?

• 10 TB
• 1 TB
• 100 GB
• 5 TB (correct)

What is the primary role of APN Consulting Partners?

They assist customers with design and management of AWS workloads. (A)

Distributing workloads across multiple Availability Zones supports which cloud architecture design principle?

Design for failure. (C)

Which AWS service focuses on enabling users to skip managing physical servers?

Amazon Glacier (B)

What service does AWS IAM provide for managing user access?

Access control policies (B)

Which AWS services can host a Microsoft SQL Server database? (Select two)

Amazon Relational Database Service (Amazon RDS) (A), Amazon EC2 (C)

What is the benefit of using multiple Availability Zones in cloud architecture?

To create redundancy and increase reliability. (C)

Which of the following AWS services is designed for temporary storage of data?

Amazon EC2 Instance Store (C)

Which statement about Availability Zones is accurate?

Each Availability Zone is engineered to be independent from failures. (B)

What type of access does a user need to execute AWS CLI commands?

Programmatic access (A)

In which aspect does Amazon Redshift primarily operate?

Data warehousing (B)

How can multiple users access data from Amazon S3 concurrently?

Through high scalability features (A)

What is a primary feature of Amazon S3?

Persistent storage with managed data integrity. (C)

Which of the following principles is NOT associated with cloud design?

Restrict accessibility. (B)

What is the primary role of a Virtual Private Gateway in AWS?

To act as a connection point for on-premises VPNs (B)

Which service should a company consider for a self-hosted database needing nightly shutdown for maintenance?

Amazon RDS (C)

Which of the following is NOT included in the AWS Total Cost of Ownership (TCO) calculation?

Cloud migration (B)

What is the primary function of AWS Route 53 Resolver Endpoints?

To enable DNS queries from on-premises to AWS domains (D)

What differentiates the Classic Load Balancer from other load balancers in AWS?

It distributes traffic at both Layer 4 and Layer 7 (D)

Which aspect of security is described as a shared responsibility between AWS and the customer?

Compliance with regulatory standards (B)

What characteristic best describes Amazon S3 storage?

It provides highly-scalable binary object storage (B)

Which AWS service is primarily used for monitoring and logging metrics?

Amazon CloudWatch (D)

What is the primary benefit of using loosely coupled components in IT system design?

It minimizes the risk of cascade failure across components. (D)

Which method can enhance security for IAM users on AWS?

Using Multi-Factor Authentication (MFA). (B)

What should be avoided to enhance security for AWS resources?

Allowing personal devices to store IAM user credentials. (C)

How can data loss be prevented during service disruptions?

By implementing frequent backups. (C)

What role do groups play in the AWS IAM service?

They simplify the assignment of permissions to IAM users. (A)

Which of the following actions is recommended for managing IAM user access?

Implementing log monitoring for user activities. (C)

What is a primary characteristic of a well-designed IT system as complexity increases?

The ability to break down into loosely coupled components. (C)

Which of the following is NOT a best practice for AWS Identity and Access Management?

Sharing root user credentials among team members. (C)

What is the recommended method for a customer to achieve volume discounts while using multiple AWS accounts?

Use the consolidated billing feature from AWS Organizations. (C)

Which of the following services is categorized as Infrastructure as a Service (IaaS)?

Amazon Elastic Compute Cloud (EC2) (C)

What role does AWS Organizations play for customers managing multiple AWS accounts?

It allows customers to govern and manage their AWS resources as they scale. (A)

Why is it important for customers to perform security management tasks for EC2 instances?

To prevent unauthorized access and ensure data protection. (B)

What advantage does signing up for Reserved Instance pricing provide?

Guaranteed fixed pricing regardless of usage. (C)

Which AWS service is identified as a managed Domain Name System (DNS) web service?

Amazon Route 53 (A)

In the context of security responsibilities, what is required of customers deploying Amazon EC2 instances?

They are responsible for the management of the guest operating system. (C)

What capability does AWS Organizations offer to administrators managing multiple accounts?

It enables programmatic creation of new AWS accounts and resource allocation. (C)

Which factors might affect a customer's choice of AWS Region for deploying a new application? (Choose two.)

Data sovereignty compliance (B), Reduced latency to users (D)

What is NOT a consideration when selecting an AWS Region for application deployment?

Support for multiple programming languages (A)

Which of the following can influence the costs of AWS services across different regions?

Costs, taxes, and manpower for physical infrastructure (D)

Which option directly impacts end-user experience in relation to AWS Region selection?

Reduced latency to users (B)

Why might a customer prioritize data sovereignty compliance when choosing an AWS Region?

To comply with legal regulations regarding data storage (C)

How can regional cooling costs affect a customer's decision regarding AWS services?

They influence the total operational costs of hosting the application. (D)

Which choice is most likely to be a secondary factor when selecting an AWS Region?

The application's support for various languages (B)

What could be a consequence of neglecting data sovereignty when selecting an AWS Region?

Potential legal action and penalties (D)

Flashcards

AWS Availability Zones

Independent zones within AWS regions, engineered to be resilient against failures in other zones.

Design for Failure (Cloud Architecture)

A core principle of cloud architecture that ensures applications can withstand failures in individual components or zones.

AWS Service Catalogue

An AWS service that allows you to provision and manage various AWS services through a standardized catalog.

APN Consulting Partners

Professional services firms that help companies design, build, and manage AWS workloads.

Amazon EC2

A computing service that provides virtual servers on AWS.

Amazon RDS

A managed database service that simplifies running and scaling relational databases on AWS.

Amazon Aurora

A fully managed MySQL and PostgreSQL-compatible database service.

Amazon Redshift

A petabyte-scale data warehousing service.

What are the key benefits of Amazon S3?

Amazon S3 provides secure, durable, highly-scalable binary object storage for developers and IT teams.

What is the purpose of Route 53 Resolver Endpoints?

Route 53 Resolver Endpoints enable inbound DNS queries from on-premises networks to resolve AWS hosted domains.

What is the primary function of a Virtual Private Gateway?

A Virtual Private Gateway serves as the anchor for VPN connections between AWS and on-premises networks.

What costs should be considered when comparing AWS TCO with on-premises TCO?

When comparing AWS TCO with on-premises TCO, factors like data center security, software development costs, and antivirus software licensing play a crucial role.

What AWS service is suitable for a self-hosted database that requires nightly shutdowns?

Amazon Redshift is a petabyte-scale data warehousing service that can be used for self-hosted databases requiring nightly maintenance and cost-saving shutdowns.

What is “Security and Compliance” in the context of AWS?

Security and Compliance in AWS is a shared responsibility model where AWS operates and manages core infrastructure while customers are responsible for securing resources and data within their environment.

How can the AWS shared responsibility model benefit customers?

The AWS shared responsibility model relieves customers of the operational burden of managing core AWS components such as the host operating system and underlying infrastructure.

What is Amazon Glacier used for?

Amazon Glacier is a service for storing data that you don't access frequently, like backups or archives. It's designed for low cost and long-term storage.

How does Amazon S3 differ from Amazon Glacier?

Amazon S3 is for frequently accessed data, while Amazon Glacier is for infrequent access. S3 is optimized for speed, while Glacier is for low cost.

What is AWS IAM?

AWS IAM is a service that lets you manage user permissions and access to various AWS services.

Access Keys

Access Keys are a pair of security credentials (ID and secret) used for programmatic access to AWS services through the AWS Command Line Interface (CLI) or API.

API Keys

API keys are used for accessing specific services through an application's API (Application Programming Interface). They provide a means to authenticate and identify the application.

What is the purpose of AWS CLI?

AWS Command Line Interface (CLI) is a tool that lets you interact with AWS services through command-line commands. It's used for automation and scripting tasks.

What is an AWS SDK?

AWS Software Development Kit (SDK) is a collection of libraries and tools for interacting with AWS services from different programming languages like Python, Java, and JavaScript.

What is the difference between AWS CLI and SDK?

AWS CLI (Command Line Interface) is a tool for interacting with AWS through commands, while AWS SDK (Software Development Kit) provides libraries and tools for developers to integrate AWS services into their code.

Loose Coupling

A design principle where system components are independent, minimizing impact from changes or failures in one component on others. This makes systems more manageable and resilient.

AWS IAM Security Methods

AWS Identity and Access Management (IAM) offers features to secure user access. Two primary methods involve using Multi-Factor Authentication (MFA) for stronger logins, and creating unique IAM users to assign specific permissions.

AWS IAM Best Practices

AWS recommends locking down your root account, creating individual IAM users, and using groups to manage permissions effectively.

How does loose coupling help with failures?

When components are loosely coupled, a failure in one won't affect others, preventing cascading failures and ensuring data integrity. This makes systems more reliable and reduces downtime.

Multi-Factor Authentication (MFA)

A security method that uses multiple authentication factors, such as a physical token or app code, alongside your password, for increased security.

Why are unique IAM users important?

Creating unique users helps enforce the principle of least privilege, granting only necessary permissions to each user, minimizing security risks.

IAM User Groups

Groups allow you to efficiently manage permissions for multiple users by assigning specific permissions to the group and then adding users to that group.

Root Account Access

The main account used when setting up AWS. It has full access to all resources and should be locked down for maximum security.

Consolidated Billing

A feature in AWS Organizations that allows central billing for multiple AWS accounts, simplifying cost management and potentially unlocking volume discounts.

Volume Discounts

Price reductions offered by AWS for using larger quantities of resources like EC2 instances or storage, saving you money on your overall AWS bill.

Reserved Instances

A commitment to pay for a specific EC2 instance type for a set period, usually one or three years, in exchange for significantly lower hourly rates.

AWS Organizations

A centralized management service for AWS accounts, allowing you to create, manage, and govern resources within your organization, even across different accounts.

Amazon Route 53

A highly scalable and reliable DNS web service offered by AWS. It provides features for routing traffic, managing domains, and improving DNS performance.

Infrastructure as a Service (IaaS)

A cloud computing model where customers rent computing resources like servers, storage, and networks from a service provider (AWS). Customers manage their own operating systems and applications.

Guest Operating System

The operating system installed on top of an EC2 instance, which you are responsible for managing and securing when using AWS IaaS.

Shared Responsibility Model (AWS Security)

A framework where AWS manages the core infrastructure while customers are responsible for securing their own applications and data within that environment.

AWS Regions

AWS Regions are geographically distinct areas where AWS data centers and services are located. They are designed to provide low latency access to users and comply with data sovereignty regulations.

Data Sovereignty

Data Sovereignty refers to laws and regulations that govern where data can be stored and processed. Some countries have strict rules about data leaving their borders.

Latency

Latency refers to the delay in data transmission between two points, often measured in milliseconds. In AWS, it's the time it takes for data to travel from a user's location to an AWS service and back.

AWS Account Groups (IAM)

AWS Account Groups allow you to organize multiple AWS accounts together into a single entity. This enables you to apply policies and manage access control across a collection of accounts.

AWS Service Costs: Regional Differences

The costs of AWS services can vary across different regions. This is influenced by factors such as local infrastructure costs (electricity, labor, etc.), taxes, and market demand.

What factors influence choosing an AWS Region?

Choosing the right AWS Region is crucial for performance and compliance. Key factors include: latency (distance to users), data sovereignty regulations, and cost differences across regions.

Why are AWS service costs different in each region?

Factors like the costs of physical infrastructure (data centers), taxes, and the cost of labor can create differences in AWS service costs across regions.

Study Notes

AWS Service Catalogue

• APN Consulting Partners are professional services firms that help customers design, build, migrate, and manage workloads on AWS.

Cloud Architecture Design Principles

• Distributing workloads across multiple Availability Zones supports the design for failure principle. Multiple AZs reduce single points of failure.

AWS Databases

• Amazon EC2 and Amazon Relational Database Service (RDS) can host Microsoft SQL Server databases.
• Amazon Aurora and Amazon Redshift are other database services.
• Amazon S3 provides object storage, not database hosting.

AWS Total Cost of Ownership (TCO)

• TCO comparisons include project management, data center security, and software development costs, but not antivirus software licensing.

Database Maintenance

• For nightly shutdowns, Amazon Redshift is not ideal. Other services may be more suitable for scheduled downtime.

Loose Coupling in IT Systems

• As application complexity grows, loosely coupled components are desirable. Independent components reduce interdependencies and prevent cascading failures.

IAM Security Methods

• Employ Multi-Factor Authentication (MFA) for IAM user security.
• Use Security Groups for access blocking.
• Locking account root user access keys is important.
• Use individual IAM users within security groups.

AWS CLI Access

• Developers can access AWS services via API keys. Access keys and User names/passwords are used for programmatic access.

AWS Account Consolidation

• Using AWS Organizations and the consolidated billing feature allows leveraging volume discounts across multiple accounts.

AWS DNS Service

• Amazon Route 53 is an AWS managed DNS web service.

AWS Region Selection Factors

• Reduced latency to users and data sovereignty compliance influence region selection.
• Physical location and regional costs are important considerations.