AWS Services Overview Quiz

Questions and Answers

Which AWS service allows you to securely connect IoT devices to the cloud?

AWS Device Farm

Amazon AppStream 2.0

AWS IoT Core (correct)

AWS Backup

AWS Application Discovery Service can only use agent-based discovery methods.

False

What type of service is Amazon WorkSpaces?

Managed Desktop as a Service

AWS _____ Simulator is a service for running fault injection experiments on AWS workloads.

Fault Injection

Match the AWS services with their primary features:

Amazon Elastic Transcoder = Convert media files formats AWS Step Functions = Orchestrate Lambda functions workflows AWS Ground Station = Control satellite communications AWS Amplify = Develop scalable web and mobile applications

Which service provides Desktop Application Streaming?

Amazon AppStream 2.0

AWS DataSync can move large amounts of data from AWS to on-premises systems.

False

Name one disaster recovery strategy provided by AWS.

Warm Standby

AWS _____ is a service that helps to automate backups across AWS services.

Backup

What is the main purpose of AWS Migration Hub?

To collect inventory data for migration assessment

Which AWS service is used for audio transcription?

Transcribe

AWS CloudTrail is used to track API calls made by users within an account.

True

Name one pillar of the AWS Well-Architected Framework.

Operational Excellence, Performance Efficiency, Reliability, Security, Cost Optimization, Sustainability

AWS _____ allows users to build conversational bots.

Lex

Match the AWS services to their primary functions:

Amazon Detective = Find the root cause of security issues Polly = Text to audio conversion IAM = Identity and Access Management SageMaker = Machine Learning for developers

Which service provides a direct private connection to AWS?

Direct Connect

VPC Flow Logs capture network traffic logs at the VPC level.

False

What is a primary function of the Cost Explorer tool?

View current usage and forecast usage

The _____ Gateway provides Internet access at the VPC level.

Internet

What type of policies does AWS Organizations use to restrict account power?

Service Control Policies (SCP)

AWS Support provides a Basic plan that only includes billing and account support.

True

What is one advantage of using Cost Allocation Tags?

Easy management and billing

NACL stands for Network _____ List.

Access

Which AWS service is specifically designed for personalized recommendations?

Personalize

Match the AWS Machine Learning services with their functions:

Rekognition = Face detection and labeling Translate = Text translation Comprehend = Natural Language Processing Forecast = Building accurate forecasts

Which service provides serverless computing in AWS?

Lambda

Amazon S3 uses a bucket to store objects.

True

What is the primary use of IAM in AWS?

Identity and Access Management

An _______ is a virtual server in Amazon's Elastic Compute Cloud (EC2).

instance

Match the following AWS services with their primary purposes:

EC2 = Compute capacity in the cloud S3 = Object storage service RDS = Managed relational database service CloudFront = Content delivery network

What type of storage is EBS primarily associated with?

Block storage

AWS Lambda functions can run for up to 10 minutes.

False

Name one of the security features provided by AWS IAM.

MFA or Password Policy

The _____ service allows you to scale your applications automatically in response to demand.

Auto Scaling Group (ASG)

Which of the following is a feature of S3 storage classes?

Versioning and replication

Amazon CloudWatch is used for monitoring AWS resources.

True

What does AWS CloudTrail provide?

Audit of API calls

Amazon _____ allows organizations to manage and analyze streaming data.

Kinesis

Match the following AWS storage solutions with their descriptions:

EFS = Network file system for multiple instances FSx for Windows = Network file system for Windows servers S3 = Object storage with various classes Glacier = Long-term archival storage

Study Notes

IAM (Identity and Access Management)

• Users: Mapped to a physical user, has a password for the AWS console.
• Groups: Contain only users.
• Policies: JSON documents outlining permissions for users or groups.
• Roles: For EC2 instances or AWS services.
• Security: MFA (Multi-Factor Authentication) and password policy enforced.
• AWS CLI: Manage AWS services via the command line.
• AWS SDK: Manage services using programming languages.
• Access Keys: Access AWS using CLI or SDK.
• Audit: IAM Credential Reports and IAM Access Advisor.

EC2 (Elastic Compute Cloud)

• EC2 Instance: AMI (Operating System) + Instance size (CPU, RAM) + Storage + Security Group + EC2 User Data.

• Security Groups: Firewall attached to the EC2 instance.

• EC2 User Data: Script launched on first instance startup.

• SSH: Start terminal into EC2 instances (port 22).

• EC2 Instance Role: Linking to IAM roles.

• Purchasing Options: On-demand, Spot, Reserved (standard/convertible), Dedicated Host, Dedicated Instance.

• EC2 Instance Storage:

  • EBS Volumes: Network drives attached to a single EC2 instance. Mapped to Availability Zones. EBS snapshots for backups/transferring volumes across AZs.
  • Instance Store: High-performance disk attached to the instance. Lost if instance is stopped/terminated.

• EFS (Elastic File System): Network file system, attachable to hundreds of instances in a region.

• EFS-IA (Infrequent Access): Cost-optimized storage for infrequent access files.

• FSx for Windows: Network file system for Windows servers.

• FSx for Lustre: High-performance computing Linux file system.

ELB & ASG

• High Availability vs Scalability (vertical/horizontal) vs Elasticity vs Agility in the Cloud.
• Elastic Load Balancers (ELB): Distribute traffic across backend EC2 instances (multi-AZ support). Supports health checks. Four types: Classic, Application (HTTP-L7), Network (TCP-L4), Gateway (L3).
• Auto Scaling Groups (ASG): Implement elasticity for applications across multiple AZs. Scales EC2 instances based on demand and replaces unhealthy instances. Integrated with ELB.

Amazon S3

• Buckets vs Objects: Globally unique names, tied to a region.
• S3 Security: IAM policies, S3 bucket policies (public access), S3 encryption.
• S3 Websites: Host static websites on S3.
• S3 Versioning: Multiple file versions, prevents accidental deletion.
• S3 Replication: Same or cross-region replication (requires versioning).
• S3 Storage Classes: Standard, Infrequent Access (IA), One Zone-IA, Intelligent-Tiering, Glacier (Instant/Flexible/Deep Archive).
• Snow Family (SnowCone, Snowball, SnowMobile): Import data to S3 via physical devices (online/offline).
• Storage Gateway: Hybrid solution extending on-premises storage to S3.

Databases & Analytics

• Relational Databases (OLTP): RDS & Aurora (SQL).
• In-memory Database: Elasticache.
• Key/Value Database: DynamoDB (serverless) & DAX (DynamoDB cache).
• Warehouse (OLAP): Redshift (SQL).
• Hadoop Cluster: EMR.
• Athena: Query data on S3 (serverless, SQL).
• QuickSight: Dashboards on data (serverless).
• DocumentDB: "Aurora for MongoDB," JSON-based NoSQL database.
• Amazon QLDB: Financial transactions ledger (immutable journal, cryptographically verifiable).
• Glue: Managed ETL (Extract, Transform, Load) and Data Catalog service.
• Database Migration: DMS.
• Neptune: Graph database (social networks).

Other Compute

• Docker: Container technology.
• ECS (Elastic Container Service): Run Docker containers on EC2 instances.
• Fargate: Run containers without EC2 instance provisioning (serverless).
• ECR (Elastic Container Registry): Private Docker image repository.
• Batch: Run batch jobs on managed EC2 instances.
• Lightsail: Predictable, low-cost for simple applications and databases.
• Lambda: Serverless, Function as a Service, seamless scaling, reactive.
• Lambda Billing: By execution time & provisioned RAM, and by number of invocations. Supported languages (many). Invocation time up to 15 minutes.
• API Gateway: Expose Lambda functions as HTTP APIs.

Deployment

• CloudFormation: Infrastructure as code. Works with almost all AWS resources, repeatable across regions and accounts.
• Beanstalk: Platform as a Service (PaaS). Limited to specific programming languages or Docker. Consistent deployments with known architecture (e.g., ALB+BC+RDS).
• CodeDeploy: Deploy and upgrade applications on servers (hybrid).
• Systems Manager: Patch, configure, and run commands at scale (hybrid).
• OpsWorks: Managed Chef and Puppet in AWS (hybrid).
• CodeCommit: Private Git repository (version control).
• CodeBuild: Build and test code in AWS.
• CodeDeploy: Deploy code to servers.
• CodePipeline: Orchestrate CI/CD pipeline (code to build to deploy).
• CodeArtifact: Store software packages/dependencies on AWS.
• CodeStar: Unified view for developers (CI/CD, code).
• Cloud9: Cloud IDE with collaboration.
• AWS CDK: Define cloud infrastructure using programming language.

Leveraging the AWS Global Application

• Global DNS (Route 53): Route users to the closest deployment for low latency. Helps with disaster recovery.
• Global Content Delivery Network (CDN) (CloudFront): Replicate application to AWS Edge Locations, reduce latency by caching common requests.
• S3 Transfer Acceleration: Accelerate global uploads and downloads to S3.
• AWS Global Accelerator: Improve global application availability and performance.
• AWS Outposts: Deploy AWS services in on-premises data centers.
• AWS Wavelength: Bring AWS services to 5G networks for ultra-low latency applications.
• AWS Local Zones: Bring AWS resources closer to users for low latency applications.

Cloud Integration

• SQS (Simple Queue Service): Queue service (multiple producers, messages retained up to 14 days). Multiple consumers for read/delete. Decouples applications in AWS.
• SNS (Simple Notification Service): Notification service (subscribers: email, Lambda, SQS, HTTP, mobile). Sends to all subscribers, no message retention.
• Kinesis: Real-time data streaming, persistence, and analysis.
• Amazon MQ: Managed message broker for ActiveMQ and RabbitMQ. Protocols like MQTT and AMQP.

Cloud Monitoring

• CloudWatch: Metrics, alarms, logs, events. Monitor AWS services, automate notifications and actions.

• CloudTrail: Audit API calls in your AWS account.

• CloudTrail Insights: Automated analysis of CloudTrail events.

• X-Ray: Trace requests through distributed applications.

• AWS Health Dashboard: Status of all AWS services. Account-level dashboard displaying infrastructure impacting events.

• Amazon CodeGuru: Automated code reviews, performance recommendations.

AWS Security & Compliance

• Shared Responsibility Model.
• Shield: Automatic DDoS protection, 24/7 support for advanced security.
• WAF: Firewall to filter incoming requests.
• KMS: Managed encryption keys.
• CloudHSM: Hardware encryption (manage keys).
• ACM (AWS Certificate Manager): Provision, manage, deploy SSL/TLS certificates.
• GuardDuty: Find malicious behavior.
• Inspector: Find software vulnerabilities.
• Network Firewall: Protect VPC from network attacks.
• Config: Track configuration changes and compliance.
• Macie: Find sensitive data (PII).
• CloudTrail (tracks API calls).
• Amazon Detective: Find the root cause of security issues.
• AWS Abuse: Report AWS resources used for abusive purposes.

Root User Privileges

• Changing account settings.
• Account closure.
• AWS support plan changes.
• Reserved Instance Marketplace seller registration.

AWS Machine Learning

• Rekognition: Face detection, labeling, celebrity recognition.
• Transcribe: Audio to text (subtitles).
• Polly: Text to audio.
• Translate: Translations.
• Lex: Build conversation bots (like Alexa).
• Connect: Cloud contact center.
• Comprehend: Natural Language Processing.
• SageMaker: Machine Learning for developers/data scientists.
• Forecast: Highly accurate forecasts.
• Kendra: ML-powered search engine.
• Personalize: Real-time personalized recommendations.
• Textract: Detect text and data in documents.

AWS VPC & Network

• VPC (Virtual Private Cloud): Virtual network in AWS.
• Subnets: Network partitions within VPC, tied to Availability Zones.
• Internet Gateway: VPC-level internet access.
• NAT Gateway/Instances: Internet access for private subnets.
• NACL: Stateless, subnet-level rules for inbound/outbound.
• Security Groups: Stateful, operate at the EC2 instance level or ENI level.
• VPC Peering: Connect two VPCs (non-overlapping IP ranges, non-transitive).
• Elastic IP: Fixed public IPv4 address (ongoing cost if idle).
• VPC Endpoints: Private access to AWS services within VPC.
• PrivateLink: Privately connect to a 3rd-party VPC service.
• VPC Flow Logs: Network traffic logs.
• Site-to-Site VPN: VPN over public internet between on-premises and AWS.
• Client VPN: OpenVPN connection from your computer to VPC.
• Direct Connect: Direct private connection to AWS.
• Transit Gateway: Connect numerous VPCs and on-premises networks.

Account Best Practices

• Organizations: Operate multiple accounts.
• SCP (Service Control Policies): Restrict account power.
• AWS Control Tower: Setup multiple accounts with best practices.
• Tags & Cost Allocation Tags: Easy management and billing.
• IAM Guidelines: MFA, Least Privilege, Password Policy, Rotation.
• Config: Record resource configurations & compliance.
• CloudFormation: Deploy stacks across accounts/regions.
• Trusted Advisor: Get AWS insights. Adapt Support Plans.
• Account Compromise Actions: Change root password, delete keys, contact AWS support.
• AWS Service Catalog: Allow users to create predefined stacks.

Billing and Costing Tools

• Compute Optimizer: Recommends resource configurations for cost reduction.
• Pricing Calculator: AWS service cost estimations.
• Billing Dashboard: High-level overview. Free tier display.
• Cost Allocation Tags: Tag resources for detailed reports.
• Cost and Usage Reports: Comprehensive billing data.
• Cost Explorer: Current usage, predicted usage.
• Billing Alarms: Track overall & per-service billing.
• Budgets: Track usage/costs, get alerts on RI usage.
• Saving Plans: Save money based on long-term usage.
• Cost Anomaly Detection: Detect unusual spending via Machine Learning.
• Service Quotas: Notifications about service quota thresholds.

Disaster Strategy

• Backup/Restore.
• Pilot Light.
• Warm Standby.
• Multi-site/Hot-Site

Other Services

• Elastic Disaster Recovery (DRS): Recover servers to AWS.
• AWS DataSync: Move large data to/from AWS.
• AWS Application Discovery Service: Planning migration projects by gathering data.
• Migration Hub: Central location to collect server/application data & track migration status.
• Migration Hub Orchestrator: Pre-built migration templates.
• AWS Fault Injection Simulator (FIS): Stress test applications via Chaos Engineering.
• Step Functions: Visual workflows for orchestrating Lambda functions.
• Ground Station: Manage satellite communications & processing.
• Pinpoint: 2-way marketing communication with various channels (email, SMS, etc.).
• AppSync: Sync data across mobile/web apps.
• Amplify: Build/deploy full-stack web/mobile apps.
• Device Farm: Test apps on various devices.
• Backup: Centrally manage backups.
• Application Migration Service (MNG): Migrate apps to AWS.
• Migration Evaluator: Assess and plan migrations.

Description

Test your knowledge on various AWS services and their functionalities. This quiz covers topics such as IoT device connectivity, virtual desktop infrastructure, and disaster recovery strategies within AWS. Challenge yourself to match services with their primary features and learn more about cloud technologies.