Appendix A

Answers to the “Do I Know This Already?” Quizzes and Q&A Sections

Chapter 1

“Do I Know This Already?” Quiz

1. C. Application agility

2. B. Securing the hypervisor

3. B. S3

4. D. Only when an RDS database has replicas in two availability zones.

5. A. All calls to AWS are API calls, regardless of the access method.

6. D. EC2

7. A. Creating and managing SSH keys and C. Enabling HTTPS on the Apache server

8. C. Compute, networking, and storage solutions as a service

9. D. An IAM-generated secret key and an access key ID

10. B. A datacenter

Q&A

1. availability zone

2. IaaS

3. Route 53

4. Stop using the root account for everyday tasks.

5. Programmatic access

6. The man page of the AWS CLI, the service, or the operation is displayed.

7. The service, operation, and options

8. Client and resource APIs

9. It runs a describe-instances operation on the EC2 service with the credentials and configuration defined in the developer01 profile under the [developer01] section in the files.

10. --output text|json|table

Chapter 2

“Do I Know This Already?” Quiz

1. A. User

2. B. Via role assumption based on the user’s group or pool membership

3. D. Allow the action in the role policy. Explicitly deny all other actions by using a “Not” condition.

4. D. All of the answers are correct.

5. B. Create an IdP that authenticates the user of the application and provides it with a role. Create a bucket policy that allows the role access to the bucket.

6. D. Using a role

7. A. Authenticating and authorizing access to the AWS Management Console and B. Authenticating and authorizing access to RDS databases

8. C. 5000

9. C. Glacier

10. A. Users

Q&A

1. True, users can have both a username and password as well as up to two access keys assigned to them.

2. An IAM group

3. An IAM role

4. No. All policies combine with a logical AND. A deny in one policy will take precedence over any allow.

5. An external directory accessible on the web

6. Through a role that is tied to the identity of the user by group or pool membership

7. An unlimited number of users is supported when using federation.

8. False. Lambda needs to be granted permissions to access AWS resources within your account.

9. Encryption in transit via TLS and encryption of data at rest via data volume encryption

10. Client-side encryption; encryption of traffic with SSL, TLS, and so on; and a VPN would all provide encryption between the client and the EC2 instance.

Chapter 3

“Do I Know This Already?” Quiz

1. A. Transient connections are not supported by VPC peering.

2. C. Shut down the instance, create a snapshot, start a new instance from the snapshot, and select the new availability zone.

3. B. EBS

4. D. Placement of ECS instances across availability zones

5. A. YAML and C. JSON

6. D. BGP

7. C. Desired instances

8. A. Provisioned IOPS volume

9. A. CloudFormation, B. CLI, and D. OpsWorks Stacks

10. A. Lambda

Q&A

1. The VPC subnet placement in multiple availability zones

2. The IGW and NAT gateway

3. A JSON file describing the containerized environment

4. The CLI, code with an SDK, CloudFormation, Elastic Beanstalk, configuration management software, and third-party tools

5. /23 could fit just a few more than 500 hosts, but /22 is recommended with a pool of 1024 addresses so that some additional available IP addresses can be used if needed.

6. Route 53

7. Classic Load Balancer, Network Load Balancer, and Application Load Balancer

8. An EC2 or EBS snapshot is incremental by nature, meaning it consumes space that is equal to the initial consumed data size and the blocks that changed in each next snapshot.

9. Elastic Beanstalk

10. The Parameters section is an optional part of the template that is used to provide parameters to be passed to the resources upon creation. It can contain default values or a list of valid responses.

Chapter 4

“Do I Know This Already?” Quiz

1. D. S3

2. C. 5 TB; 5 GB

3. A. Cassandra

4. B. Whether reads are strongly or eventually consistent

5. B. S3 Accelerated Access

6. A. Multi-AZ mode

7. B. Write a script that will run on a predetermined day and hour of the month and snapshot the RDS database. The snapshot can be restored to a working database if required by the BI software.

8. D. Using the on-demand model for DynamoDB

9. D. CloudFront

10. A. Split files 100 MB in size to multipart upload them to increase performance, C. Add metadata when initiating the upload, and E. Use the S3 HTTPS front end to increase security

11. C. Glacier

12. D. HTTP GET requests to the DynamoDB API

13. A. Redis

Q&A

1. False. The data structure will be key to determining the type of storage to be used.

2. True. The video is a recording, thus it never changes. This makes it a static asset.

3. 5 GB

4. IAM policies, bucket policies, and ACLs

5. MySQL, MariaDB, PostgreSQL, Aurora, Microsoft SQL, and Oracle

6. Yes, but only when the RDS service is running in Multi-AZ mode.

7. True. The DynamoDB API gives us both the ability to manage the database as well as access the data.

8. False. In on-demand mode, the RCU and WCU capacities are determined and scaled by the service.

9. ElastiCache running Memcached

10. An origin access identity allows you to strictly control access to the origin.

Chapter 5

“Do I Know This Already?” Quiz

1. C. SSH access to execution directory

2. D. The Lambda function execution is limited to 15 minutes.

3. A. There is no way to recall a message in SNS.

4. C. 12.5 million subscribers per topic and 100,000 topics per account.

5. A. Any programming language

6. B. 256 KB for the message and the metadata

7. D. Set a custom visibility timeout when receiving the message.

8. B. Fan-out queue

9. B. Standard queues and FIFO (first-in, first-out) queues

10. A. An IAM permission for the user, group, or role to invoke the Lambda service, B. An execution role attached to the Lambda function with permissions for the Lambda service to use other AWS resources, and C. A resource-based permission attached to the Lambda function that defines which AWS accounts and services are allowed to invoke the function

Q&A

1. Execution role that allows Lambda access to S3

2. One. Lambda reuses execution environments.

3. As many as the number of simultaneous Lambda functions that are executed.

4. False

5. Step Functions uses AWS State Language, which is written in JSON.

6. An actor, which can be a system or a person

7. False. SQS first-in, first-out (FIFO) queues support up to 300 messages per second.

8. False. You need to know the queue URL.

9. JSON

10. fan-out queue

Chapter 6

“Do I Know This Already?” Quiz

1. D. CodePipeline

2. A. Ownership of production

3. A. git push

4. B. Cloud9

5. C. Plan, code, build, and test

6. C. appspec.yml

7. B. buildspec.yml

8. D. Stages cannot include manual steps

9. A. The CodeDeploy agent needs to be installed and E. A role with the permissions to access the package repository must be assigned to the EC2 instance

10. C. 2 GB

11. B. Temporary file cleanup and file permission changes

Q&A

1. By referencing scripts for each stage of the install that must be present in the code package

2. False. Space is unlimited, but 10 GB per user is included in the subscription. Anything above that is charged at the storage rate for CodeCommit.

3. Git credentials that can be created in IAM or the credential helper that uses the keys in the ./aws/credentials file to pass-through authenticate the user

4. aws codebuild start-build

5. environment

6. Only a web browser

7. EC2 instances, on-premises servers, Lambda functions, and ECS containers

8. False. Other repositories, build tools, CI servers, and AWS tools, such as Lambda and CloudFormation, are supported.

9. None. CodePipeline triggers automatically upon creation with the latest code in the repository.

10. Whereas DevOps focuses on culture and automation, Agile focuses on processes and the business aspect.

Chapter 7

“Do I Know This Already?” Quiz

1. C. 5 TB

2. C. KVM

3. D. An import role with the appropriate permissions

4. A. 100 PB

5. A. EFS and C. S3

6. B. Lift-and-shift

7. B. SCT and D. Redshift

8. B. 2

9. B. DMS replication instance

10. C. Power off the instance, create an image and upload it to S3, and run VM Import/Export on the S3 key.

Q&A

1. False. Retiring an application should always be considered.

2. VM Import/Export

3. False. With DMS, you can introduce an ongoing migration for as long as you need.

4. Schema Conversion Tool

5. To S3 from your local disk and from S3 to your local disk

6. AWS DataSync

7. The client uploading the data

8. True. The ETag determines the correct order for S3 to assemble the parts of the file.

9. 5 MB

10. When the transfer would take more than a week to complete

Chapter 8

“Do I Know This Already?” Quiz

1. D. None. All trails are encrypted by default with SSE-S3.

2. A. Implement exponential back-off

3. C. dashboard

4. C. Config, CloudWatch Alarms, SNS

5. B. Check the CloudTrail log.

6. B. AWS Config

7. C. A policy is not allowing the user to perform any action over an AWS resource.

8. D. Retention time is limited to 15 months

Q&A

1. An IAM role

2. Unlimited

3. False. CloudTrail is enabled by default for all calls, with a retention period of 90 days.

4. CloudTrail. The request is recorded in the trail log.

5. True. However, you can add memory metrics as custom metrics to CloudWatch.

6. UNIX time, in milliseconds

7. A configuration snapshot captures the state of the services in your account at a certain point in time.

8. True

9. Request failed due to internal service error on an operational AWS service

10. 5 minutes for default built-in metrics, 1 minute for detailed metrics, and no less than 1 second for custom metrics
