AWS Shared Responsibility and Services

Questions and Answers

Which responsibilities does AWS have within the shared responsibility model? (Select 2)

• Securing the hardware, software, facilities, and networks that run all products and services. (correct)
• Obtaining industry certifications and independent third-party attestations. (correct)
• Providing client-side data encryption and data integrity authentication.
• Configuration of the operating system, network, and firewall.

What can S3 be used for in a web application? (Select 2)

• Store static content such as images, video, CSS, JavaScript, etc. (correct)
• Serve as a backend database for web applications.
• Distribute dynamic web content only.
• Host a robust CDN to deliver entire web sites with dynamic, static, and streaming content. (correct)

What are AWS edge locations used for? (Select 2)

• Hosting applications directly.
• Delaying content delivery to optimize performance.
• Reducing the load on the origin by caching responses. (correct)
• Delivering content with low latency. (correct)

Why are fewer subnets of larger sizes preferred over higher numbers of subnets of smaller sizes? (Select 2)

Workload placement is simplified with fewer subnets. (A), You are less likely to run out of IP addresses with fewer subnets. (D)

Which of the following is not an AWS managed database service?

AWS CodeCommit (D)

Which statements regarding Amazon Virtual Private Cloud (VPC) are true? (Select 2)

Subnets can span Availability Zones. (A), A subnet defines a range of IP addresses in your VPC. (C)

Which of the following is NOT true about internet gateways?

They can limit outgoing bandwidth to instances. (A)

What is a benefit of using Amazon S3 for web hosting?

It provides unlimited bandwidth for content delivery. (A)

What occurs when automated backups are enabled for a DB instance in Amazon RDS?

A full daily snapshot is performed during the preferred backup window. (C)

Which term describes the process of increasing hardware power to scale up databases?

Vertical scaling (D)

Which of the following actions can be performed using IAM? (Select all that apply)

Manage AWS users and groups (B), Use existing corporate identities for access (C)

Following best security practices, how should the account root user be utilized?

It should be rarely used. (A)

What does Total Cost of Ownership (TCO) include?

Direct and indirect costs associated with ownership (C)

Can an EFS volume be mounted concurrently to multiple EC2 instances?

Yes, it can be mounted to multiple instances simultaneously. (C)

Which URI should be used to view all categories of instance metadata from within a running instance?

http://169.254.169.254/latest/meta-data (C)

What term is used to describe SaaS solutions that share computing resources behind the scenes?

Multitenant solutions (A)

What scaling method involves increasing servers to accommodate database demand?

Horizontal scaling (A)

Where are manual database snapshots stored?

Amazon Simple Storage Service (Amazon S3) (D)

For running monthly reports that process large datasets efficiently, which EC2 purchasing option should be preferred?

Reserved (C)

What is the bare minimum requirement for ensuring high availability in a solution?

Multi-AZ (D)

If resources are provisioned across multiple Availability Zones, what will be the impact of issues in one zone?

Resources in another zone will not be affected. (C)

What is the main advantage of placing a cache in front of your Amazon RDS instance?

Increased speed of reads from your database (D)

Can IAM policies be assigned to IAM roles?

Yes, they can be attached to roles (D)

In Amazon DynamoDB, what describes an attribute?

A name-value pair (C)

Which family of Amazon EC2 instances is most suitable for a small website project with a database?

General Purpose (t2, m4, m3) (C)

Which statement about route tables is NOT true?

Each subnet can have a maximum of five route tables associated with it. (D)

What is Amazon Glacier primarily used for?

Durable storage for data archiving and backup (A)

Which EC2 purchase type allows users to bid for unused compute capacity?

Spot (D)

Which EC2 purchase type allows you to run instances on isolated hardware?

Dedicated (D)

What does high availability ensure for an application?

Ensuring that your application is available at least 99.99% of the time. (D)

What best describes Amazon EC2?

Analogous to a cloud-based server (C)

What does a virtual machine offer compared to a container?

Higher overhead during creation (B)

AWS highly recommends provisioning your compute resources across ____________ Availability Zones.

Multiple (B)

Each Availability Zone is designed to be isolated from failures in other Availability Zones.

True (C)

___________ act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

Security groups (C)

An AMI is a template used to launch a:

EC2 instance (D)

Fault tolerance refers to:

The built-in redundancy of an application's components. (A)

A cost-effective purchase type for predictable workloads is:

Reserved Instances (C)

Amazon RDS is suitable for an application that requires:

High durability (B), Complex transactions or complex queries (C)

Amazon Elastic Block Store (EBS) storage:

Can persist independently of the life of the instance. (C)

Study Notes

AWS Shared Responsibility Model

• AWS is responsible for securing hardware, software, facilities, and networks.
• AWS also obtains industry certifications and independent third-party attestations.

Amazon S3 Use Cases

• S3 can store static content, including images, videos, CSS, and JavaScript.
• It is capable of distributing both static and dynamic web content as well as hosting a CDN for comprehensive web delivery.

AWS Edge Locations

• Edge locations reduce load on the origin by caching responses.
• They deliver content with low latency.

Subnetting Preferences

• Fewer subnets of larger sizes simplify workload placement.
• With fewer subnets, there's a lower chance of running out of IP addresses.

AWS Managed Database Services

• AWS CodeCommit is not an AWS managed database service.
• Amazon RDS, Amazon Redshift, and Amazon DynamoDB are examples of AWS managed database services.

Amazon VPC

• A private subnet is for resources not accessible over the Internet.
• Subnets define a range of IP addresses within a VPC.

Internet Gateways

• Internet gateways are highly available and allow attached subnets to access the public Internet.
• They are redundant by default but have a set bandwidth limit.

EC2 Instance Types for Project

• General Purpose (t2, m4, m3) instances are ideal for simple websites with small databases.

Route Tables in VPCs

• Each subnet in a VPC must be associated with a route table.
• Each VPC comes with a default route table upon creation.

Amazon Glacier

• Amazon Glacier is designed for durable storage for data archiving and backup.

EC2 Purchase Types

• Spot Instances allow bidding for unused compute capacity.
• Dedicated Instances run on isolated hardware.

High Availability

• High availability ensures applications have redundant components and aim for minimal downtime.

Amazon EC2 Description

• Amazon EC2 is analogous to a cloud-based server.

Security Groups

• Security groups filter traffic based on TCP, UDP, and ICMP protocols.
• They are stateful, enforcing rules at the instance level.

On-Demand EC2 Instances

• On-Demand Instances allow payment by the hour without long-term commitments.

Virtual Machine vs. Container

• Virtual machines have more overhead than containers and are slower to create.

Automated Backups for RDS

• When automated backups are enabled, Amazon RDS conducts full daily snapshots during a specified backup window.

Vertical vs. Horizontal Scaling

• Vertical scaling increases hardware power for databases.
• Horizontal scaling involves adding more servers.

IAM Capabilities

• IAM can create and manage users, utilize corporate identities for secure access, and control permissions for resources.

Root User Security Best Practices

• Following best practices, the root user should not be used frequently.

Total Cost of Ownership (TCO)

• TCO encompasses all costs, both direct and indirect, related to owning equipment.

EFS Volume Accessibility

• EFS volumes can be concurrently mounted to multiple EC2 instances.

Instance Metadata Access

• Access instance metadata using the URI: http://169.254.169.254/latest/meta-data.

SaaS Solutions

• Many SaaS solutions are multitenant, meaning customers may share computing resources.

Identifying S3 Bucket Names

• In the URL http://mycontainer.s3.amazonaws.com/AprilStuff/ProjectPlan.docx, the bucket name is "mycontainer".

Amazon VPC Functionality

• VPC allows adding network security layers via private subnets and defining custom network topologies.

Security Groups Role

• Security groups act as a firewall for associated EC2 instances, regulating inbound and outbound traffic.

Amazon Machine Image (AMI)

• An AMI is a template for launching an EC2 instance.

RDS as a Managed Service

• Amazon RDS is a managed database service.

Fault Tolerance Definition

• Fault tolerance refers to an application's ability to restore lost data quickly and maintain functionality despite failures.

Amazon EBS Characteristics

• Amazon EBS storage can persist independently of the instance's lifecycle.

Description

Explore the essential components of the AWS shared responsibility model, various Amazon S3 use cases, and AWS managed database services. This quiz also covers subnetting preferences and the role of AWS edge locations in improving performance. Test your knowledge of AWS cloud architecture and services.