AWS Services Overview Quiz

Questions and Answers

Which AWS service allows you to securely connect IoT devices to the cloud?

• AWS Device Farm
• Amazon AppStream 2.0
• AWS IoT Core (correct)
• AWS Backup

AWS Application Discovery Service can only use agent-based discovery methods.

False (B)

What type of service is Amazon WorkSpaces?

Managed Desktop as a Service

AWS _____ Simulator is a service for running fault injection experiments on AWS workloads.

Fault Injection

Match the AWS services with their primary features:

Amazon Elastic Transcoder = Convert media files formats AWS Step Functions = Orchestrate Lambda functions workflows AWS Ground Station = Control satellite communications AWS Amplify = Develop scalable web and mobile applications

Which service provides Desktop Application Streaming?

Amazon AppStream 2.0 (C)

AWS DataSync can move large amounts of data from AWS to on-premises systems.

False (B)

Name one disaster recovery strategy provided by AWS.

Warm Standby

AWS _____ is a service that helps to automate backups across AWS services.

Backup

What is the main purpose of AWS Migration Hub?

To collect inventory data for migration assessment (C)

Which AWS service is used for audio transcription?

Transcribe (D)

AWS CloudTrail is used to track API calls made by users within an account.

True (A)

Name one pillar of the AWS Well-Architected Framework.

Operational Excellence, Performance Efficiency, Reliability, Security, Cost Optimization, Sustainability

AWS _____ allows users to build conversational bots.

Lex

Match the AWS services to their primary functions:

Amazon Detective = Find the root cause of security issues Polly = Text to audio conversion IAM = Identity and Access Management SageMaker = Machine Learning for developers

Which service provides a direct private connection to AWS?

Direct Connect (C)

VPC Flow Logs capture network traffic logs at the VPC level.

False (B)

What is a primary function of the Cost Explorer tool?

View current usage and forecast usage

The _____ Gateway provides Internet access at the VPC level.

Internet

What type of policies does AWS Organizations use to restrict account power?

Service Control Policies (SCP) (D)

AWS Support provides a Basic plan that only includes billing and account support.

True (A)

What is one advantage of using Cost Allocation Tags?

Easy management and billing

NACL stands for Network _____ List.

Access

Which AWS service is specifically designed for personalized recommendations?

Personalize (C)

Match the AWS Machine Learning services with their functions:

Rekognition = Face detection and labeling Translate = Text translation Comprehend = Natural Language Processing Forecast = Building accurate forecasts

Which service provides serverless computing in AWS?

Lambda (C)

Amazon S3 uses a bucket to store objects.

True (A)

What is the primary use of IAM in AWS?

Identity and Access Management

An _______ is a virtual server in Amazon's Elastic Compute Cloud (EC2).

instance

Match the following AWS services with their primary purposes:

EC2 = Compute capacity in the cloud S3 = Object storage service RDS = Managed relational database service CloudFront = Content delivery network

What type of storage is EBS primarily associated with?

Block storage (B)

AWS Lambda functions can run for up to 10 minutes.

False (B)

Name one of the security features provided by AWS IAM.

MFA or Password Policy

The _____ service allows you to scale your applications automatically in response to demand.

Auto Scaling Group (ASG)

Which of the following is a feature of S3 storage classes?

Versioning and replication (C)

Amazon CloudWatch is used for monitoring AWS resources.

True (A)

What does AWS CloudTrail provide?

Audit of API calls

Amazon _____ allows organizations to manage and analyze streaming data.

Kinesis

Match the following AWS storage solutions with their descriptions:

EFS = Network file system for multiple instances FSx for Windows = Network file system for Windows servers S3 = Object storage with various classes Glacier = Long-term archival storage

Flashcards

IAM (Identity and Access Management)

A service that manages users, groups, policies, and roles to control access to AWS resources.

User

A physical person with a password that can access the AWS Console.

Group

A collection of users that share the same permissions.

Policy

A JSON document that defines what permissions a user, group, or role has.

Role

A set of permissions that can be assigned to EC2 instances or AWS services.

EC2 (Elastic Compute Cloud)

A service that provides virtual servers (EC2 instances) for running applications in the cloud.

EC2 Instance

A virtual server that combines an AMI (operating system), instance size, storage, security group, and user data.

Security Group

A firewall attached to an EC2 instance that controls incoming and outgoing traffic.

EBS Volume

A persistent, block-level storage volume that can be attached to an EC2 instance.

AMI (Amazon Machine Image)

A pre-configured template that includes an operating system and other software you can use to launch EC2 instances.

ELB (Elastic Load Balancer)

A service that distributes incoming traffic across multiple EC2 instances.

ASG (Auto Scaling Group)

A service that automatically adjusts the number of EC2 instances based on demand.

S3 (Simple Storage Service)

A service for object storage, storing data like files and images.

S3 Bucket

A container in S3 that holds objects and has a globally unique name.

RDS (Relational Database Service)

A service for managing relational databases such as MySQL, PostgreSQL, and Oracle in the cloud.

Shared Responsibility Model

A model where both the cloud provider (AWS) and the user share responsibility for security and compliance. AWS takes care of the infrastructure security, while the user is responsible for securing their applications and data.

Impact Minimization

A strategy to reduce the negative impact of technology on the environment and society by using resources efficiently and reducing waste.

AWS WorkSpace

A managed desktop-as-a-service (DaaS) solution from AWS, allowing users to access virtual desktops from anywhere.

Amazon AppStream 2.0

A service from AWS that streams applications directly to a web browser, eliminating the need for installation or infrastructure on the user's device.

AWS IoT Core

A managed service from AWS that allows users to connect their Internet of Things (IoT) devices to the AWS Cloud.

Amazon Elastic Transcoder

A service from AWS that converts media files to different formats for playback on various devices.

AWS AppSync

A service from AWS that enables real-time data synchronization for web and mobile applications.

AWS Backup

A fully managed service from AWS that centralizes and automates backups for various AWS services.

Disaster Strategy

A plan outlining how to recover from a disaster or major disruption, ensuring minimal downtime.

AWS Migration Hub

A central platform from AWS where you can manage and track the migration of applications and servers to the AWS Cloud.

PII Data in S3 Buckets

Personally Identifiable Information (PII) stored within Amazon S3 buckets, requiring stringent security measures for protection.

CloudTrail

A service that records API calls made within your AWS account, providing a comprehensive audit trail for security and compliance.

Amazon Detective

A security analysis service that helps identify the root cause of suspicious activities or security incidents within your AWS environment.

AWS Abuse Reporting

A mechanism to report resources within your AWS account that are being used for illegal or abusive activities.

Root User Privileges

The highest level of permissions within an AWS account, allowing complete control over account settings, billing, and other critical functions.

AWS Machine Learning

A collection of services that offer machine learning tools for developers and data scientists to build intelligent applications.

Rekognition

A service that allows you to perform image analysis tasks such as face recognition, object detection, and scene understanding.

Transcribe

A service that automatically converts audio files into text, useful for generating captions, transcripts, and other text-based outputs.

Translate

A service that translates text between multiple languages, allowing you to break down language barriers.

VPC

Virtual Private Cloud. A private network within AWS, isolating your resources from the public internet.

Subnets

Divisions within a VPC, tied to specific Availability Zones, providing flexibility in managing network traffic and security.

Internet Gateway

A gateway that enables internet access for resources within your VPC.

NAT Gateway / Instance

Allows resources in private subnets, without public IP addresses, to connect to the internet.

Study Notes

IAM (Identity and Access Management)

• Users: Mapped to a physical user, has a password for the AWS console.
• Groups: Contain only users.
• Policies: JSON documents outlining permissions for users or groups.
• Roles: For EC2 instances or AWS services.
• Security: MFA (Multi-Factor Authentication) and password policy enforced.
• AWS CLI: Manage AWS services via the command line.
• AWS SDK: Manage services using programming languages.
• Access Keys: Access AWS using CLI or SDK.
• Audit: IAM Credential Reports and IAM Access Advisor.

EC2 (Elastic Compute Cloud)

• EC2 Instance: AMI (Operating System) + Instance size (CPU, RAM) + Storage + Security Group + EC2 User Data.

• Security Groups: Firewall attached to the EC2 instance.

• EC2 User Data: Script launched on first instance startup.

• SSH: Start terminal into EC2 instances (port 22).

• EC2 Instance Role: Linking to IAM roles.

• Purchasing Options: On-demand, Spot, Reserved (standard/convertible), Dedicated Host, Dedicated Instance.

• EC2 Instance Storage:

  • EBS Volumes: Network drives attached to a single EC2 instance. Mapped to Availability Zones. EBS snapshots for backups/transferring volumes across AZs.
  • Instance Store: High-performance disk attached to the instance. Lost if instance is stopped/terminated.

• EFS (Elastic File System): Network file system, attachable to hundreds of instances in a region.

• EFS-IA (Infrequent Access): Cost-optimized storage for infrequent access files.

• FSx for Windows: Network file system for Windows servers.

• FSx for Lustre: High-performance computing Linux file system.

ELB & ASG

• High Availability vs Scalability (vertical/horizontal) vs Elasticity vs Agility in the Cloud.
• Elastic Load Balancers (ELB): Distribute traffic across backend EC2 instances (multi-AZ support). Supports health checks. Four types: Classic, Application (HTTP-L7), Network (TCP-L4), Gateway (L3).
• Auto Scaling Groups (ASG): Implement elasticity for applications across multiple AZs. Scales EC2 instances based on demand and replaces unhealthy instances. Integrated with ELB.

Amazon S3

• Buckets vs Objects: Globally unique names, tied to a region.
• S3 Security: IAM policies, S3 bucket policies (public access), S3 encryption.
• S3 Websites: Host static websites on S3.
• S3 Versioning: Multiple file versions, prevents accidental deletion.
• S3 Replication: Same or cross-region replication (requires versioning).
• S3 Storage Classes: Standard, Infrequent Access (IA), One Zone-IA, Intelligent-Tiering, Glacier (Instant/Flexible/Deep Archive).
• Snow Family (SnowCone, Snowball, SnowMobile): Import data to S3 via physical devices (online/offline).
• Storage Gateway: Hybrid solution extending on-premises storage to S3.

Databases & Analytics

• Relational Databases (OLTP): RDS & Aurora (SQL).
• In-memory Database: Elasticache.
• Key/Value Database: DynamoDB (serverless) & DAX (DynamoDB cache).
• Warehouse (OLAP): Redshift (SQL).
• Hadoop Cluster: EMR.
• Athena: Query data on S3 (serverless, SQL).
• QuickSight: Dashboards on data (serverless).
• DocumentDB: "Aurora for MongoDB," JSON-based NoSQL database.
• Amazon QLDB: Financial transactions ledger (immutable journal, cryptographically verifiable).
• Glue: Managed ETL (Extract, Transform, Load) and Data Catalog service.
• Database Migration: DMS.
• Neptune: Graph database (social networks).

Other Compute

• Docker: Container technology.
• ECS (Elastic Container Service): Run Docker containers on EC2 instances.
• Fargate: Run containers without EC2 instance provisioning (serverless).
• ECR (Elastic Container Registry): Private Docker image repository.
• Batch: Run batch jobs on managed EC2 instances.
• Lightsail: Predictable, low-cost for simple applications and databases.
• Lambda: Serverless, Function as a Service, seamless scaling, reactive.
• Lambda Billing: By execution time & provisioned RAM, and by number of invocations. Supported languages (many). Invocation time up to 15 minutes.
• API Gateway: Expose Lambda functions as HTTP APIs.

Deployment

• CloudFormation: Infrastructure as code. Works with almost all AWS resources, repeatable across regions and accounts.
• Beanstalk: Platform as a Service (PaaS). Limited to specific programming languages or Docker. Consistent deployments with known architecture (e.g., ALB+BC+RDS).
• CodeDeploy: Deploy and upgrade applications on servers (hybrid).
• Systems Manager: Patch, configure, and run commands at scale (hybrid).
• OpsWorks: Managed Chef and Puppet in AWS (hybrid).
• CodeCommit: Private Git repository (version control).
• CodeBuild: Build and test code in AWS.
• CodeDeploy: Deploy code to servers.
• CodePipeline: Orchestrate CI/CD pipeline (code to build to deploy).
• CodeArtifact: Store software packages/dependencies on AWS.
• CodeStar: Unified view for developers (CI/CD, code).
• Cloud9: Cloud IDE with collaboration.
• AWS CDK: Define cloud infrastructure using programming language.

Leveraging the AWS Global Application

• Global DNS (Route 53): Route users to the closest deployment for low latency. Helps with disaster recovery.
• Global Content Delivery Network (CDN) (CloudFront): Replicate application to AWS Edge Locations, reduce latency by caching common requests.
• S3 Transfer Acceleration: Accelerate global uploads and downloads to S3.
• AWS Global Accelerator: Improve global application availability and performance.
• AWS Outposts: Deploy AWS services in on-premises data centers.
• AWS Wavelength: Bring AWS services to 5G networks for ultra-low latency applications.
• AWS Local Zones: Bring AWS resources closer to users for low latency applications.

Cloud Integration

• SQS (Simple Queue Service): Queue service (multiple producers, messages retained up to 14 days). Multiple consumers for read/delete. Decouples applications in AWS.
• SNS (Simple Notification Service): Notification service (subscribers: email, Lambda, SQS, HTTP, mobile). Sends to all subscribers, no message retention.
• Kinesis: Real-time data streaming, persistence, and analysis.
• Amazon MQ: Managed message broker for ActiveMQ and RabbitMQ. Protocols like MQTT and AMQP.

Cloud Monitoring

• CloudWatch: Metrics, alarms, logs, events. Monitor AWS services, automate notifications and actions.

• CloudTrail: Audit API calls in your AWS account.

• CloudTrail Insights: Automated analysis of CloudTrail events.

• X-Ray: Trace requests through distributed applications.

• AWS Health Dashboard: Status of all AWS services. Account-level dashboard displaying infrastructure impacting events.

• Amazon CodeGuru: Automated code reviews, performance recommendations.

AWS Security & Compliance

• Shared Responsibility Model.
• Shield: Automatic DDoS protection, 24/7 support for advanced security.
• WAF: Firewall to filter incoming requests.
• KMS: Managed encryption keys.
• CloudHSM: Hardware encryption (manage keys).
• ACM (AWS Certificate Manager): Provision, manage, deploy SSL/TLS certificates.
• GuardDuty: Find malicious behavior.
• Inspector: Find software vulnerabilities.
• Network Firewall: Protect VPC from network attacks.
• Config: Track configuration changes and compliance.
• Macie: Find sensitive data (PII).
• CloudTrail (tracks API calls).
• Amazon Detective: Find the root cause of security issues.
• AWS Abuse: Report AWS resources used for abusive purposes.

Root User Privileges

• Changing account settings.
• Account closure.
• AWS support plan changes.
• Reserved Instance Marketplace seller registration.

AWS Machine Learning

• Rekognition: Face detection, labeling, celebrity recognition.
• Transcribe: Audio to text (subtitles).
• Polly: Text to audio.
• Translate: Translations.
• Lex: Build conversation bots (like Alexa).
• Connect: Cloud contact center.
• Comprehend: Natural Language Processing.
• SageMaker: Machine Learning for developers/data scientists.
• Forecast: Highly accurate forecasts.
• Kendra: ML-powered search engine.
• Personalize: Real-time personalized recommendations.
• Textract: Detect text and data in documents.

AWS VPC & Network

• VPC (Virtual Private Cloud): Virtual network in AWS.
• Subnets: Network partitions within VPC, tied to Availability Zones.
• Internet Gateway: VPC-level internet access.
• NAT Gateway/Instances: Internet access for private subnets.
• NACL: Stateless, subnet-level rules for inbound/outbound.
• Security Groups: Stateful, operate at the EC2 instance level or ENI level.
• VPC Peering: Connect two VPCs (non-overlapping IP ranges, non-transitive).
• Elastic IP: Fixed public IPv4 address (ongoing cost if idle).
• VPC Endpoints: Private access to AWS services within VPC.
• PrivateLink: Privately connect to a 3rd-party VPC service.
• VPC Flow Logs: Network traffic logs.
• Site-to-Site VPN: VPN over public internet between on-premises and AWS.
• Client VPN: OpenVPN connection from your computer to VPC.
• Direct Connect: Direct private connection to AWS.
• Transit Gateway: Connect numerous VPCs and on-premises networks.

Account Best Practices

• Organizations: Operate multiple accounts.
• SCP (Service Control Policies): Restrict account power.
• AWS Control Tower: Setup multiple accounts with best practices.
• Tags & Cost Allocation Tags: Easy management and billing.
• IAM Guidelines: MFA, Least Privilege, Password Policy, Rotation.
• Config: Record resource configurations & compliance.
• CloudFormation: Deploy stacks across accounts/regions.
• Trusted Advisor: Get AWS insights. Adapt Support Plans.
• Account Compromise Actions: Change root password, delete keys, contact AWS support.
• AWS Service Catalog: Allow users to create predefined stacks.

Billing and Costing Tools

• Compute Optimizer: Recommends resource configurations for cost reduction.
• Pricing Calculator: AWS service cost estimations.
• Billing Dashboard: High-level overview. Free tier display.
• Cost Allocation Tags: Tag resources for detailed reports.
• Cost and Usage Reports: Comprehensive billing data.
• Cost Explorer: Current usage, predicted usage.
• Billing Alarms: Track overall & per-service billing.
• Budgets: Track usage/costs, get alerts on RI usage.
• Saving Plans: Save money based on long-term usage.
• Cost Anomaly Detection: Detect unusual spending via Machine Learning.
• Service Quotas: Notifications about service quota thresholds.

Disaster Strategy

• Backup/Restore.
• Pilot Light.
• Warm Standby.
• Multi-site/Hot-Site

Other Services

• Elastic Disaster Recovery (DRS): Recover servers to AWS.
• AWS DataSync: Move large data to/from AWS.
• AWS Application Discovery Service: Planning migration projects by gathering data.
• Migration Hub: Central location to collect server/application data & track migration status.
• Migration Hub Orchestrator: Pre-built migration templates.
• AWS Fault Injection Simulator (FIS): Stress test applications via Chaos Engineering.
• Step Functions: Visual workflows for orchestrating Lambda functions.
• Ground Station: Manage satellite communications & processing.
• Pinpoint: 2-way marketing communication with various channels (email, SMS, etc.).
• AppSync: Sync data across mobile/web apps.
• Amplify: Build/deploy full-stack web/mobile apps.
• Device Farm: Test apps on various devices.
• Backup: Centrally manage backups.
• Application Migration Service (MNG): Migrate apps to AWS.
• Migration Evaluator: Assess and plan migrations.

Description

Test your knowledge on various AWS services and their functionalities. This quiz covers topics such as IoT device connectivity, virtual desktop infrastructure, and disaster recovery strategies within AWS. Challenge yourself to match services with their primary features and learn more about cloud technologies.