AWS Services Overview

Questions and Answers

What is one of the key responsibilities of a company using Amazon RDS?

• Backing up database instances
• Monitoring database performance
• Scaling database instances automatically
• Creating IAM policies to control administrative access (correct)

What benefit does AWS provide regarding infrastructure capacity requirements?

• Users can eliminate the need to guess capacity requirements (correct)
• Users can avoid scalability concerns
• Users get full control over hardware provisioning
• Users can permanently allocate resources

Which feature of Amazon RDS ensures high availability by using a standby replica?

• Backup and Restore
• Read Replicas
• Database Snapshots
• Multi-AZ Deployment (correct)

Which AWS service is best for checking IAM access keys for rotation status?

AWS Trusted Advisor (B)

What AWS feature can control network traffic specifically between EC2 instances?

Security Groups (A)

Which AWS service allows companies to discover and protect sensitive data in S3?

Amazon Macie (A)

Which component can limit network access at the subnet level?

Network ACLs (A)

What AWS service is specifically designed to manage encryption keys?

CloudHSM (C)

Which service allows companies to deploy third-party security tools like IDS in AWS?

AWS Marketplace (C)

Which AWS service automates application deployments to improve operational efficiency?

AWS CodeDeploy (D)

Which AWS service allows users to securely store and manage sensitive information like database credentials?

AWS Secrets Manager (A)

Which combination of actions should a company take to ensure an employee has CLI and SDK access to RDS only, following the principle of least privilege?

Create an IAM user with programmatic access and attach an RDS access policy (B)

What service should a company use to ensure minimum latency for a website reaching a global audience?

Amazon CloudFront (B)

Which AWS design principle focuses on minimizing dependencies between application components?

Loose Coupling (D)

For running a web service application that needs infrequent usage, which billing model is most cost-effective?

On-Demand Instances (B)

Which AWS service is most suitable for integrating and preparing data for analytics and machine learning?

AWS Glue (C)

What should a company use to deploy WAF rules for web applications?

Application Load Balancer (C)

Which AWS service is NOT designed for securely storing credentials?

AWS Encryption SDK (D)

Which feature in AWS helps to automatically scale applications based on demand?

Auto Scaling (D)

What pricing model provides the biggest savings for non-production environments that do not require continuous availability?

Spot Instances (B)

Which AWS service is designed specifically for migrating data between AWS storage services?

AWS DataSync (B)

What is one benefit of using AWS Cloud regarding financial expenditure?

Ability to trade fixed expenses for variable expenses (D)

Which pillar of the AWS Well-Architected Framework focuses on continuous improvement of processes?

Operational Excellence (D)

Which AWS service allows a company to consolidate billing for multiple accounts?

AWS Organizations (A)

Which AWS service can a company use to set spending limits and receive alerts for exceeded limits?

AWS Budgets (A)

Which AWS support plan includes access to a Technical Account Manager (TAM)?

Enterprise Support Plan (A)

Where can users access reference architectures and design best practices for AWS solutions?

AWS Architecture Center (D)

What aspect of AWS Cloud can lead to economies of scale for its users?

AWS's large and shared infrastructure (A)

Which of the following is NOT a benefit of AWS DataSync?

Real-time data synchronization (C)

In what way does AWS Budgets enhance financial management for organizations?

Allows for tracking actual costs against planned budgets (A)

Which service automatically adjusts the number of EC2 instances based on demand?

AWS Auto Scaling (B)

What AWS service allows the management of user permissions as a group?

IAM Groups (A)

Under the shared responsibility model for AWS Lambda, what task does the company need to handle?

Writing business logic code (B)

Which service should a company use to track API calls and actions performed on specific AWS resources?

AWS CloudTrail (D)

What service provides secure storage and management of encryption keys in AWS?

CloudHSM (C)

Which AWS service allows users to store files and download them using a public URL?

Amazon S3 (C)

What is NOT a responsibility of the customer using AWS Lambda?

Patching the operating system (B)

Which AWS service is specifically designed to log changes in AWS resources?

AWS Config (D)

What capability does AWS Auto Scaling provide?

Minimizing instance costs automatically based on demand (B)

Which solution would be inappropriate for managing permissions for multiple AWS users?

Security Groups (C)

Flashcards

What is AWS DataSync?

AWS DataSync is a service specifically designed for moving data between different AWS storage services like S3, EFS, and FSx, as well as on-premises storage systems. It offers automation and optimization for efficient data migration.

How is the AWS Cloud cost-effective?

The AWS Cloud offers cost-effectiveness by allowing users to move from fixed upfront hardware costs to paying only for the resources they use. This approach also leverages AWS's economies of scale, benefiting from their large infrastructure.

Which pillar of the AWS Well-Architected Framework focuses on continuous improvement?

Operational Excellence is one of the pillars of the AWS Well-Architected Framework that focuses on running and managing systems to deliver business value. It emphasizes continuous improvement of processes and procedures for better efficiency and effectiveness.

How can I manage multiple AWS accounts and consolidate billing under a single account?

AWS Organizations is a service that enables centralized management for multiple AWS accounts, including consolidated billing. With Organizations, one central account can handle billing for all other accounts within your organization.

How can I set spending limits and control AWS costs?

AWS Budgets is a service that lets you set spending limits for your AWS usage. You can customize these limits and receive alerts when you're approaching or exceeding those limits, allowing you to better control your cloud spending.

Which AWS support plan provides access to a dedicated Technical Account Manager (TAM)?

The Enterprise Support Plan is the highest tier of AWS support and includes access to a dedicated Technical Account Manager (TAM). This provides you with direct access to an expert who can assist with your technical inquiries, account management, and best practices.

Where can I find examples of AWS Cloud solution designs?

The AWS Architecture Center is a valuable resource that offers a collection of various AWS Cloud solution designs, including reference architectures, diagrams, and best practices. This resource provides examples and guidance for building solutions on AWS.

Who manages IAM policies for RDS?

RDS users are responsible for managing user access and permissions, including creating IAM policies for administrative access.

How does AWS provide flexibility for infrastructure?

Allows users to adjust resources as needed, eliminating the need to guess about infrastructure capacity requirements upfront.

What is Multi-AZ Deployment in RDS?

Creates a primary database instance and a synchronous standby replica in different Availability Zones for high availability and data durability.

How to check for unrotated IAM access keys?

Trusted Advisor provides security recommendations, including checking for IAM access keys that haven't been rotated, to align with security best practices.

How to manage network traffic for EC2 instances?

Security Groups act as a virtual firewall for EC2 instances, controlling inbound and outbound traffic at the instance level.

What are components of a VPC?

Internet Gateway provides a gateway to the public internet for instances in your VPC. Subnet represents a range of IP addresses within your VPC.

What design principle ensures application resilience?

Loose Coupling minimizes dependencies between application components, allowing an application to function even if one component fails.

How to protect sensitive data in S3?

Amazon Macie uses machine learning to automatically discover and protect sensitive data, like PII, stored in S3.

How to limit network access at the subnet level?

Network ACLs control network traffic at the subnet level, acting as a firewall for the subnet.

How to manage encryption keys securely in the cloud?

CloudHSM is a cloud-based hardware security module (HSM) that allows for secure generation and management of encryption keys.

What is AWS Auto Scaling?

A service that automatically adjusts the number of EC2 instances based on demand, ensuring sufficient resources while minimizing costs.

How can you organize user permissions into manageable groups in AWS?

IAM Groups enable managing permissions for multiple users as a unit, simplifying permission administration.

When using AWS Lambda for Python code, what are the company's responsibilities under the shared responsibility model?

The company is responsible for writing business logic code and managing IAM access for the Lambda service.

Which AWS service can track API calls and user actions for a specific resource?

AWS CloudTrail provides a detailed log of all API calls, including the user who made the request and the specific actions taken.

What is CloudHSM and what's its purpose?

CloudHSM offers secure storage and management of encryption keys using dedicated hardware security modules.

Which AWS service enables public file downloads via URLs?

Amazon S3 allows you to generate pre-signed URLs, enabling temporary public access to specific objects for direct download.

What is AWS Secrets Manager?

A service that securely stores, manages, rotates, and retrieves sensitive information like database credentials and API keys.

What does the AWS Well-Architected Framework provide?

This framework offers design guidelines, not scaling capabilities.

What is Compute Optimizer's main function in AWS?

Compute Optimizer recommends instance types but doesn't adjust capacity based on demand.

What is AWS WAF?

A web application firewall that can be deployed with the Application Load Balancer, enabling you to apply security rules for web traffic.

How can a company ensure a website reaches a global audience and provides minimal latency to users?

A content delivery network (CDN) that caches content globally for low latency and high transfer speeds, ensuring users across the world experience faster website access.

Which AWS service helps visualize and manage costs?

Cost Explorer visualizes and manages costs, but doesn't directly control scaling.

What is the purpose of Resource Groups in AWS?

Resource Groups organize resources using tags, not for managing user permissions.

What is Loose Coupling?

A design principle that aims to reduce dependencies between application components, making applications more resilient and easier to maintain.

What is the principle of least privilege?

A security principle that restricts user access to only the resources necessary for their job functions, minimizing the potential harm if credentials are compromised.

What is the On-Demand Instance billing model?

A billing model for EC2 instances where you pay only when the instances are running, making it ideal for infrequent usage.

What is AWS Glue?

A serverless data integration service that simplifies the process of discovering, preparing, moving, and integrating data from multiple sources for analytics and machine learning.

What are Spot Instances?

A cost-effective pricing model for EC2 instances where you bid on unused EC2 capacity. This allows you to run workloads at a significantly lower cost but also comes with the risk of occasional interruptions.

What is the Application Load Balancer?

A type of load balancer that operates at the application layer (Layer 7) and can be configured to distribute user traffic across multiple EC2 instances. It also enables integration with AWS WAF for security.

How can a company ensure its application responds to changes in demand at the lowest cost possible?

A service that provides a cost-effective solution for running applications with occasional spikes in demand. It allows you to scale up and down quickly to handle fluctuating workloads, minimizing cost for inactive periods.

Study Notes

AWS Services and Features

• AWS DataSync: Migrates data between AWS storage services (S3, EFS, FSx) and on-premises. Provides automation for efficient data migration.

• AWS Organizations: Centralized management for multiple AWS accounts, including consolidated billing.

• AWS Budgets: Sets spending limits and triggers notifications if those limits are exceeded, providing financial control.

• AWS Enterprise Support Plan: Includes a dedicated Technical Account Manager (TAM).

• AWS Architecture Center: Provides reference architectures, diagrams, and best practices for designing AWS solutions.

• AWS Trusted Advisor: Provides recommendations, including checks for unrotated IAM access keys, and aligns with security best practices.

• Security Groups: Act as a virtual firewall for EC2 instances, controlling inbound and outbound network traffic at the instance level.

• Internet Gateway (VPC): Connects VPC instances to the public internet.

• Subnet (VPC): Represents a range of IP addresses within a VPC.

• AWS Macie: Uses machine learning to identify and protect sensitive data in S3.

• Network ACL (VPC): Controls network traffic at the subnet level.

• CloudHSM: Cloud-based Hardware Security Module (HSM) for secure encryption key management.

• AWS Marketplace: Enables deployment of third-party security tools like intrusion detection systems.

• Amazon CloudFront: Content Delivery Network (CDN) for global content distribution with low latency.

• AWS Auto Scaling: Automatically adjusts the number of EC2 instances in response to demand.

• IAM Groups: Manage permissions for multiple users as a unit.

• AWS CloudTrail: Logs API calls, including who made the request and what actions were performed.

• Amazon S3: Stores files in the cloud; allows generation of pre-signed URLs for public file downloads.

Cost-Effectiveness of AWS Cloud

• Variable vs. Fixed Expenses: AWS allows users to shift from upfront hardware investments to paying only for resources used, trading fixed expenses for variable expenses.

• Economies of Scale: AWS's massive infrastructure achieves cost efficiencies and passes these savings onto customers.

AWS Well-Architected Framework

• Operational Excellence: Focuses on running and managing systems to deliver business value, improving processes, and procedures continuously.

IAM and Access Management

• IAM Policies: Customers are responsible in AWS RDS for managing user access and permissions, including IAM policies.

• Least Privilege: Granting users only the necessary permissions.

Other Concepts

• Loose Coupling: Minimizes dependencies between application components, enabling application resilience to component failures.

• Spot Instances: Cost-effective EC2 instances that can be interrupted based on capacity needs, especially helpful for non-production environments.

• AWS Glue: Serverless data integration service for data discovery, preparation, moving and integrating data for analytics or machine learning tasks.

• Amazon RDS Multi-AZ deployments: Delivers automatic creation of a primary database instance and synchronous replication to another instance in a different Availability Zone for high availability.

• AWS Secrets Manager: Securely stores, manages, and retrieves sensitive information such as credentials or API keys.

• AWS CodeDeploy: Automates software deployments.

• AWS Application Load Balancer: Integrates with AWS WAF (Web Application Firewall) for applying rules.