AWS Solutions Architect Exam - SAA-C03

Questions and Answers

What is the primary focus of the course mentioned?

Basic IT skills development

Advanced database management

Solutions Architect exam preparation (correct)

Cloud service pricing strategies

Which of the following AWS services content will be covered in the course?

AWS services only for developers

Only database services

Over 30 AWS services (correct)

Only services relevant to EC2

Who is the instructor for the course?

Stephane Maarek, a veteran instructor on AWS (correct)

An anonymous cloud expert

A beginner-level IT consultant

A current AWS Solutions Architect with no teaching experience

What basic requirement is suggested for participants of the course?

Basic IT knowledge

What unique content does the course include?

Videos from various AWS-related courses

What type of MFA device is provided by Gemalto for AWS?

Hardware Key Fob MFA Device

Which of the following is a way to access AWS directly through command-line tools?

AWS Command Line Interface (CLI)

What are access keys in AWS similar to?

Username and password

Which of these statements about access keys is correct?

They are generated through the AWS Management Console.

What is the function of the AWS CLI?

Enable interaction with AWS services using commands

What does the Secret Access Key in AWS function as?

Account verification password

Which of these is NOT an option for accessing AWS?

AWS File Transfer Protocol (FTP)

Who manages their own access keys in AWS?

All AWS users

What type of storage must the root volume be for an instance?

EBS, encrypted, and large

Which of the following statements about EBS volumes is true?

EBS volumes can persist data after instance termination.

What is the maximum duration an instance can be hibernated?

60 days

Which statement correctly describes an EBS (Elastic Block Store) volume?

It functions like a network drive and is bound to an availability zone.

What type of EBS storage is offered as part of the free tier?

General Purpose (SSD) or Magnetic up to 30 GB

What is the primary cost structure of On-Demand Instances?

Pay by second for Linux and Windows, hourly for others

Which type of EC2 instance is best suited for unpredictable, short workloads?

Spot Instances

What is a key feature of Convertible Reserved Instances?

They allow changes to instance type, family, and OS

For how long can a Reserved Instance be purchased?

1 year or 3 years

Which of the following is NOT a benefit of Reserved Instances?

Higher cost compared to On-Demand

What distinguishes Dedicated Hosts from Dedicated Instances?

Dedicated Hosts allow for instance placement control

What is a key characteristic of Savings Plans?

They provide savings in exchange for a commitment to an amount of usage

What type of billing system is used for Linux and Windows On-Demand Instances?

Billing per second after the first minute

What is the default status of inbound traffic in security groups?

All inbound traffic is blocked

Which port is used for Secure Shell (SSH) access in security groups?

22

In a security group, what can rules reference?

By both IP addresses and other security groups

What is the primary function of a security group in relation to EC2 instances?

To act as a firewall regulating inbound and outbound traffic

If your application times out, what could be the cause?

A security group misconfiguration

Which of the following is NOT typically controlled by a security group?

Performance of the EC2 instance

For SSH access, which security group rule would you implement?

Allow inbound traffic on port 22

What is a common misconception regarding outbound traffic in security groups?

Outbound traffic is authorized by default

How many instances can a single security group be attached to?

Multiple instances

Which port is associated with HTTP traffic?

80

What does it mean if an application gives a 'connection refused' error?

The application is not running or has not been launched

Which of the following protocols has a corresponding port of 443?

HTTPS

What does a security group primarily restrict?

Traffic to and from an EC2 instance

Study Notes

AWS Solutions Architect Exam - SAA-C03

• The course is designed for the AWS Solutions Architect - Associate exam (SAA-C03).
• Basic IT knowledge is required.
• The course will cover over 30 AWS services.
• The course includes videos from the Cloud Practitioner, Developer and SysOps courses, as well as videos specific to the Solutions Architect exam.

Instructor

• The instructor is Stephane Maarek, an AWS Solutions Architect and veteran instructor.
• He worked as an IT consultant and has built websites, apps, and streaming platforms using AWS.
• You can find him on GitHub, LinkedIn, Medium, and Twitter.

Multi-Factor Authentication (MFA) in AWS

• MFA devices can be hardware key fobs.
• Gemalto and SurePassID are third-party providers for hardware key fobs.
• Hardware key fobs are available for AWS GovCloud (US).

Accessing AWS

• You can access AWS through the AWS Management Console, AWS Command Line Interface (CLI), or AWS Software Development Kit (SDK).
• The Management Console is protected by passwords and MFA.
• The CLI and SDK are protected by access keys.
• Access keys are generated through the AWS Console.
• Users manage their own access keys.
• Access keys are secret and should not be shared.
• Access Key ID is similar to a username.
• Secret Access Key is similar to a password.

AWS Command Line Interface (CLI)

• The CLI is a tool that allows you to interact with AWS services using commands in your command-line shell.
• It provides direct access to the public APIs of AWS services.
• You can develop scripts to manage your resources.
• It is open-source and available on GitHub.
• The CLI is an alternative to the AWS Management Console.

AWS Software Development Kit (SDK)

• The SDK allows you to manage and interact with AWS services programmatically.
• You can use the SDK to develop applications that interact with AWS services.
• It is an alternative to manually making API calls.

Security Groups

• Security groups act as a firewall on EC2 instances.
• They regulate access to ports, authorized IP ranges, and control inbound and outbound network traffic.
• Security groups have rules that define what traffic is allowed in and out of the EC2 instance.
• Security groups can be attached to multiple instances.
• Security groups are locked down to a specific region and VPC combination.
• They live outside the EC2 instances.
• All inbound traffic is blocked by default.
• All outbound traffic is authorized by default.

EC2 Instance Purchasing Options

• On-Demand Instances: - Short workload, predictable pricing, pay by second
• Reserved Instances (1 & 3 years): - Long workloads, discount, upfront payment commitment
  • Conver tible Reserved Instances: - Flexible instance type, family, OS, scope, and tenancy
• Savings Plans (1 & 3 years): - Commitment to an amount of usage, long workload, discount
• Spot Instances: - Short workloads, cheap, can lose instances (less reliable)
• Dedicated Hosts: - Book an entire physical server, control instance placement
• Dedicated Instances: - No other customers share your hardware
• Capacity Reservations: - Reserve capacity in a specific Availability Zone for any duration

EC2 Instance Purchasing Option Details

• On-Demand Instances: Pay for what you use, highest cost, no upfront payment, no long-term commitment. Recommended for short-term and uninterrupted workloads.
• Reserved Instances: Up to 72% discount compared to On-Demand, long-term commitment. Recommended for steady-state usage applications. Can be bought and sold in the Reserved Instance Marketplace.

EC2 Instance Storage

• Instance Store: - Temporary storage that is lost when the instance terminates.
• Elastic Block Store (EBS): - Persistent storage that is not lost when the instance terminates. Can be mounted to only one instance at a time and are bound to a specific Availability Zone.

EBS Volume

• An EBS volume is a network drive that can be attached to your instances while they run.
• It allows instances to persist data even after termination.
• Only one instance can be mounted at the same time.
• Bound to a specific Availability Zone.
• Free tier: 30 GB of free EBS storage per month.
• Analogous to a "network USB stick".

Classic Ports

• 22: SSH (Secure Shell) - log into a Linux instance
• 21: FTP (File Transfer Protocol) – upload files into a file share
• 22: SFTP (Secure File Transfer Protocol) – upload files using SSH
• 80: HTTP – access unsecured websites
• 443: HTTPS – access secured websites
• 3389: RDP (Remote Desktop Protocol) – log into a Windows instance

SSH Summary Table

• Mac/Linux: Use SSH
• Windows < 10: Use Putty
• Windows >= 10: Use SSH or Putty
• EC2 Instance Connect: Use EC2 Instance Connect tool

SSH Troubleshooting

• If SSH doesn't work, try these steps:
  • Make sure your security group allows inbound traffic on port 22.
  • Verify your EC2 instance's status and ensure it is running.
  • Confirm that you are using the correct SSH credentials.
  • Ensure that the SSH client you are using is properly configured.

Important to Remember

• An instance can NOT be hibernated more than 60 days.
• The root volume for an instance must be EBS, encrypted, not instance store, and large.
• Instance storage is temporary and is lost when the instance shuts down.
• An EBS volume can be attached to only one instance at a time.

Description

This quiz is designed to help you prepare for the AWS Solutions Architect - Associate exam (SAA-C03). It covers over 30 AWS services, including access methods like Management Console, CLI, and SDK. With insights from an experienced instructor, you will enhance your understanding of AWS and Multi-Factor Authentication (MFA).