
AWS CCP #1

Billing, Support, Security, Database, Other Services

Question Answer
DDOS protection for your website, applications, activated by default for all customers at no additional cost. AWS Shield Standard
Premium DDOS protection ($3000/month per org) protects against more sophisticated attacks and provides 24/7 access to DDOS response team (DRP) AWS Shield Advanced
Protects web apps against common exploits (L7/HTTP), deploy on ALB, API Gateway, CloudFront. Can define web ACL rules including IP based, HTTP. Protects from SQL Injection, XSS, Geo-match, Rate based rules (for DDOS) AWS WAF (Web Application Firewall)
DDOS Availability protection using the global edge network, combined with AWS Shield provides attack mitigation at the edge. CloudFront and Route 53
DDOS protection, utilizing this service is recommended to ensure your ability to scale. AWS Auto Scaling
Protects your entire VPC (L3-L7), Any direction you can inspect VPC > VPC traffic, inbound/outbound internet, Dx and Site-to-Site VPN AWS Network Firewall
Penetration testing is allowed without prior approval on ___ services 8
DNS Zone Walking, DOS (including DDOS, SDDOS), Port flooding, Protocol flooding, Request flooding are examples of what? Pen testing prohibited activities
Name the 5 services that offer encryption Opt-In EBS volumes, S3 buckets, Redshift DBs, RDS, EFS drives
Name the 3 AWS services with encryption enabled by default CloudTrail logs, S3 Glacier, Storage Gateway
Encryption service. Keys are managed by AWS KMS
Encryption technology. AWS provisions the dedicated hardware (HSM hardware security module), customer manages encryption keys. FIPS 140-2 Level 3 Compliant CloudHSM
Types of CMKs (Customer Master Keys) Customer Managed CMK, AWS Managed CMK, AWS owned CMK, CloudHSM Keys
This type of CMK is created, managed and used by the customer. Customer can schedule a rotation policy and BYO key is supported. Customer Managed CMK
This type of CMK is created, managed and used on the customer's behalf by AWS and used by services such as S3, EBS, Redshift. AWS Managed CMK
This type of CMK is part of a collection of CMKs owned and managed by an AWS service and utilized in multiple accounts. Customer cannot view the keys. AWS Owned CMK
This service allows the customer to provision, manage and deploy certificates for SSL/TLS, provides support for public and private certificates (public certs free), automatic renewal and integrates with other AWS services. AWS Certificate Manager (ACM)
This service is for storing credentials, is capable of forcing rotation every X number of days and integrates with RDS. Data encrypted using KMS. AWS Secrets Manager
Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements. AWS Artifact
This service uses ML, anomaly detection and 3rd party data to provide Intelligent Threat Discovery. Input data: CloudTrail, VPC flow logs, and DNS logs. EventBridge rules can be utilized to target Lambda or SNS. Has dedicated finding for CryptoCurrency. Amazon GuardDuty
This service provides Automated Security Assessments of EC2 (Utilizing SSM: network accessibility, OS vulnerabilities), ECR images, Lambda functions, integrated with Security Hub and EventBridge. Provides a risk score for all discovered vulns. Amazon Inspector
This service helps with auditing and recording compliance of your AWS resources and tracking/recording of configuration changes over time. Can export logs to S3 and run through Athena, can alert with SNS. AWS Config
A fully managed data security and privacy service that uses ML and pattern matching to discover & protect your sensitive data (such as PII) in AWS. Often used to analyze S3 bucket contents. Integrates with Amazon EventBridge. Amazon Macie
Central security tool to manage security across several AWS accounts and automate security checks. Includes integrated dashboards showing current security & compliance status, by aggregating alerts from other AWS and partner security tools. AWS Security Hub
This service analyzes, investigates, and quickly identifies the root cause of security issues or suspicious activities using ML and graphs. Automatically collects events from VPC flow logs, CloudTrail and GuardDuty to create a unified view. Amazon Detective
Spam, Port scanning, DoS or DDoS attacks, Intrusion attempts, Hosting of objectionable or copyrighted content, Distributing malware should be reported using... AWS Abuse (AWS Abuse Form or abuse@amazonaws.com)
List the actions that can only be performed by the root user. Change account settings, View certain tax invoices, Close AWS account, Change or cancel AWS support plan, Register as seller in Reserved Instance Marketplace, Restore user IAM permissions, S3 MFA enablement, Sign up for GovCloud.
This free tool utilizes a zone of trust to find out which account resources are shared externally then provides the user with a list of findings. IAM Access Analyzer
Managed database service for databases that use SQL as the query language RDS (Relational Database Service)
RDS Supported Database Technologies Postgres MySQL MariaDB Oracle Microsoft SQL Server Aurora (AWS Proprietary)
AWS Proprietary structured database that provides support for PostgreSQL and MySQL. This service is cloud optimized for 3x-5x performance, can auto grow in 10GB increments to 128TB and costs 20% more than RDS. Amazon Aurora
Name the two managed services that support relational/structured databases. RDS (has free tier), Aurora (no free tier)
This RDS feature enables horizontal scaling for database read workloads. Read replicas (can create up to 15)
This RDS feature provides high availability by leveraging a failover DB that supports replication to 1 additional AZ and is activated in the event of main DB (or AZ) failure. Multi-AZ (Failover DB)
This RDS feature ensures DR and increased local performance by providing applications in other regions, with low latency database read access. Multi-Region (Read Replicas)
This managed service leverages in-memory databases to reduce load off databases for read intensive workloads and provides support for Redis and Memcached databases. Amazon ElastiCache
This serverless, distributed (3 AZ) database service for non-relational databases can scale to support massive workloads with fast and consistent performance, and single-digit millisecond latency and offers Standard and IA Table classes for cost savings. DynamoDB
This service provides a fully managed in-memory cache for DynamoDB and achieves a 10X performance improvement over DynamoDB alone. DynamoDB Accelerator (DAX)
This option offers low latency, any region access to a DynamoDB table, supporting read/writes (active-active) DynamoDB Global Tables
This database service, based on PostgreSQL is intended for analytics and data warehousing, provides columnar storage and integrates with BI tools such as AWS QuickSight and Tableau Redshift
This service helps with creating Hadoop clusters (Big Data) and can support clusters made of hundreds of EC2 instances, supports autoscaling and spot instances. Its use cases include data processing, machine learning, web indexing, and big data. Amazon EMR
AWS Service that provides a serverless query service (SQL query language) to perform analytics against S3 objects. Some common use cases are intelligence/analytics/reporting, analysis and query of VPC flow logs, ELS Logs, CloudTrail logs, etc. Amazon Athena
Serverless ML-powered BI service to create interactive dashboards on your databases. Amazon QuickSight
Fully managed, HA (3 AZ) NoSQL database service based on MongoDB, with automatic scaling for workloads with millions of requests per second. DocumentDB
Fully managed graph database service, highly available across 3 AZs and up to 15 read replicas. Great for knowledge graphs (wikipedia), fraud detection, recommendation engines and social networking. Amazon Neptune
Fully managed, serverless, HA (3 AZ) centralized ledger database great for reviewing history of all changes made to an application's data over time, recording financial transactions, immutable. Amazon QLDB (Quantum Ledger Database)
This service makes it possible to build apps where multiple parties can execute transactions without the need for a central authority and is compatible with Hyperledger Fabric and Ethereum Amazon Managed Blockchain
Fully serverless managed extract, transform and load (ETL) service. AWS Glue
This service can be run on an EC2 instance to perform homogeneous or heterogeneous database migrations without downtime on the source DB. DMS (Database Migration Service)
Name the AWS Relational - OLTP Database Services (2) RDS and Aurora
Name the AWS service that can provide in-memory databases for non DynamoDB databases. ElastiCache
Name the AWS Services that facilitate Key/Value databases + caching. DynamoDB (serverless) and DAX
Name the AWS Warehouse - OLAP database service. Redshift
Which database service would be best suited for Hadoop Clusters? EMR
Which service would be best suited for querying data on S3? Athena
"Aurora for MongoDB" (JSON - NoSQL Database) DocumentDB
AWS Cloud Best Practices: List the Design Principles Scalability Disposable Resources Automation Loose Coupling Services not Servers
Name the 6 Pillars of Well Architected Framework Operational Excellence Security Reliability Performance Efficiency Cost Optimization Sustainability
This Pillar of Well Architected Framework includes the ability to run and monitor systems to deliver business value and continually improve supporting processes and procedures Operational Excellence
These Design Principles belong to the _________ Pillar Perform Operations As Code Annotate documentation Frequent, small, reversible changes Refine ops procedures Anticipate failure Learn from failures Operational Excellence
This pillar of well architected framework includes the ability to protect information, systems and assets while providing business value through risk assessments and mitigation strategies Security
These belong to the _______ pillar. Implement strong identity foundation Enable traceability Apply security at all layers Automate security best practices Protect data in transit and at rest Keep people away from data Prepare for security events Security
This pillar defines the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations or transient network issues Reliability
These design principles belong to the _________ pillar. Test recovery procedures Automatically recover from failure Scale horizontally Stop guessing capacity Manage change in automation Reliability
This pillar includes the ability to use computing resources efficiently as demand changes and technologies evolve. Performance Efficiency
These design principles belong to _______ pillar Democratize advanced technologies Go global in minutes Use serverless architectures Experiment more Mechanical sympathy Performance Efficiency
This pillar includes the ability to run systems to deliver business value at the lowest price point Cost optimization
These design principles belong to the ______ pillar Adopt a consumption mode Measure overall efficiency Stop datacenter spending Analyze and attribute expenditure Use managed services to reduce TCO Cost optimization
This pillar focuses on minimizing the environmental impact on running cloud workloads Sustainability
These design principles belong to the _____ pillar Understand your impact Establish sustainability goals Maximize utilization Anticipate, adopt new more efficient offerings Use managed services Reduce downstream impact of cloud workloads Sustainability
This free tool is used to review your architectures against the 6 pillars of Well-Architected Framework and adopt architectural best practices, by answering questions about your architecture related to the 6 pillars, then applying lenses for guidance. AWS Well-Architected Tool
The contents of this whitepaper help you build and execute a comprehensive plan for your digital transformation through innovative use of AWS. AWS Cloud Adoption Framework
AWS Cloud Adoption Framework Groups its capabilities into these six perspectives. BPGPSO Business People Governance Platform Security Operations
AWS CAF Transformation Domain - using the cloud to migrate and modernize legacy infrastructure, applications, data and analytics platforms. Technology
AWS CAF Transformation Domain - digitizing, automating and optimizing your business operations by leveraging new data and analytics platforms to create actionable insights and using ML to improve your customer service experience. Process
AWS CAF Transformation Domain - Reimagining your operating model by organizing teams around products and value streams and leveraging agile methods. Organization
AWS CAF Transformation Domain - reimagining your business model by creating new value propositions (products & services) and revenue models Product
The process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost. "Scaling up is easy to always start small" AWS Right Sizing
This service is intended for customers to find professional help for AWS projects by engaging AWS certified 3rd party experts for on-demand project work, charged to your AWS bill and billed as pay per milestone. AWS IQ
This service offers a team of AWS experts to manage and operate your infrastructure for security, reliability and availability. Some common tasks that can be offloaded include CRs, monitoring, patching, security, backup, implementation of best practices. AWS Managed Services (AMS)
This global service allows the customer to manage multiple AWS accounts under 1 master account, provides consolidated billing and pricing benefits such as shared volume pricing, pooling of reserved instances and savings plans discounts. AWS Organizations
AWS Organizations enables automation of account creation via the _______________. AWS Organizations API
Account privileges can be restricted in AWS Organizations by using _______________. Service Control Policies (SCP)
SCPs are applied at the ____ or _____ level, are applied to all ____ and _____ of the account, but do not affect ______ roles OU, Account Users, Roles Service-Linked
Restricting access to specific services, and enforcing PCI compliance by disabling services are two use cases for this feature of AWS Organizations Service Control Policies (SCP)
This AWS service provides an easy way to setup and govern a secure, compliant multi-account AWS environment based on best practices. AWS Control Tower
This AWS service allows you to share resources you own with other accounts within and/or outside of your organization AWS Resource Access Manager (AWS RAM)
This service allows an organization to create a self-service portal containing only authorized products pre-defined by admins including VMs, databases, storage options, etc. AWS Service Catalog
IAM, VPC, Consolidated Billing, Elastic Beanstalk, CloudFormation and ASGs are all examples of AWS _____________ Free/Free tier services
EC2, S3 and RDS all offer a limited ________ _________. Free tier
On demand EC2 instances are billed by the ____ with a minimum billing time of ____ and pay per _____ for Windows/Linux and pay by ____ for other operating systems. second 60 seconds second hour
This compute pricing model offers up to a 75% discount compared to the on-demand rate, offers 1 or 3 year commitments and allows payment upfront (all, partial, none) Reserved Instances
This compute pricing model allows organizations to bid on un-used capacity and can offer savings up to 90% compared to the on-demand hourly rate. Spot instances
Lambda is billed on a pay per ___, pay per ____ times the amount of ____ assigned to the Lambda function. per call, per duration, RAM
With ECS you only pay for your underlying... EC2 instances
Fargate is charged per container by ____ and ____ assigned to the container. vCPU, RAM
Name the 6 available S3 storage classes. S3 Standard S3 Infrequent Access S3 One-Zone IA S3 Intelligent Tiering S3 Glacier S3 Glacier Deep Archive
S3 storage is billed based on the _____ and _____ of objects, the ____ and ____ of requests, data transfer _______ of the S3 region, S3 transfer __________ and ________ transitions and can be _______ based on volume. Number, Size, Number, Type Out Acceleration, Lifecycle Tiered
Similar to S3, this storage service is pay per use, has infrequent access & life cycle rules. Amazon EFS
This Amazon storage technology is billed based on the volume in GB per month provisioned, provisioned IOPS, Snapshots (in GB/month) and data transfer outbound. Amazon EBS
RDS offers pay per _____ billing based on database _________, ________ and ________ class. Offers on-demand and __________ instances (1 or 3 years) with _____ up-front. There is _____ additional charge for backup storage. hour, engine, size, memory reserved required no
Cloudfront pricing is _________ across geographic regions, _________ for each edge location then applied to your bill. You pay for data transfer _______ and the _______ of HTTP/HTTPS requests. different aggregated out number
Networking Costs: Inbound traffic is ________. Traffic between instances in the same AZ is _______ if using a ___________ ______. free free, private IP
Networking Costs: Traffic between AZs within a region is charged at a rate of _____ if using a private IP, and _______ if using a public/elastic IP. $0.01/GB $0.02/GB
Networking Costs: Inter-Region traffic is charged at a rate of _______. $0.02/GB
For network cost savings, use a _______ ____ and the same ______ for maximum savings (at the cost of high availability) Private IP, AZ
Savings Plan: Commit a certain dollar amount per ______ for ___ or ___ years. hour, 1, 3
Name the three types of savings plans offered by AWS. EC2 Savings plan (commit to individual instance families in a region) Compute Savings Plan (EC2, Fargate, Lambda - Regardless of Family, Region, OS, Tenancy, Compute option) Machine Learning Savings Plan (SageMaker)
With this AWS savings plan the customer must commit to usage of individual instance families in a region and can save up to 72%. EC2 Savings Plan
With this flexible savings plan, the customer can save up to 62% and does not need to commit to a family, region, size, OS, tenancy OR compute option (EC2, Fargate, Lambda) Compute Savings Plan
Savings plans can be setup from the AWS _________________. Cost Explorer Console
This tool uses ML to analyze your resources configurations and their utilization CloudWatch metrics then recommends optimal AWS resources for your workloads to help reduce cost (up to 25%) and improve performance. AWS Compute Optimizer
This AWS tool allows you to estimate the cost for your solution architecture. AWS Pricing Calculator
This AWS tool shows you the costs incurred for the month, the forecast and YTD. AWS Billing Dashboard
This dashboard shows month-to-date usage and MTD forecasted usage for free tier services. AWS Free Tier Dashboard
Use _________ to track your AWS costs on a more detailed level and track costs by group. Cost Allocation Tags
This tool allows you to dive deeper into your AWS costs and usage and provides the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, reservations. Support Athena, Redshift or QuickSight Cost and Usage Report
This tool helps you visualize, understand and manage AWS costs over time. At a higher level, total cost and usage across accounts, cost by AWS Service. Allows customer to choose an optimal savings plan and forecast usage for up to 12 mo. Cost Explorer
This service can be configured to alert when a certain threshold is exceeded (billing), but can not alert on projected costs. CloudWatch Billing Alarms
All worldwide CloudWatch billing data metrics are stored in this AWS region. US-East-1
This tool can be used to send alarms when costs exceed a set budget, including projected costs. Costs can be broken down by many criteria (Region, Tag, Cost Category, AWS Service, etc.) AWS Budgets
This service can be used to continuously monitor your cost and usage using ML to detect unusual spends. It learns your unique, historic spend patterns and sends an anomaly detection report with root cause analysis. AWS Cost Anomaly Detection
This tool provides a high level AWS account assessment. Analyzes your AWS account and provides recommendation on 5 categories. AWS Trusted Advisor
Name the 5 categories AWS Trusted Advisor reports on. Cost Optimization Performance Security Fault Tolerance Service Limits
List the 7 core checks included with Trusted Advisor Basic & Developer support plans. S3 Bucket Permissions Security Groups (Specific ports unrestricted) IAM Use (one IAM user minimum) MFA on Root Account EBS Public Snapshots RDS Public Snapshots Service Limits
Trusted Advisor Business & Enterprise support plans offer these additional features not included in the Basic and Developer plans. Full checks on the 5 categories. Ability to set CloudWatch alarms when reaching limits Programmatic access using AWS support API
This free support plan offers 24x7 access to Customer Service and Communities, AWS Trusted Advisor (7 core checks) and AWS Personal health dashboard. AWS Basic Support Plan
This support plan has all the features of the Basic Support plan and adds business hours email access to cloud support associates, unlimited support cases with 1 primary contact and an SLA of 24h for general guidance and system impaired 12h. AWS Developer Support Plan
This support plan is for companies with production workloads, adds full set of trusted advisor checks, 24x7 phone, email, and chat access to support, unlimited cases & unlimited contacts. SLAs general 24h, impaired 12h, prod impaired 4h, prod down 1h AWS Business Support Plan
Support plan for production or business critical workloads. Access a pool of TAMs, Concierge Support Team, Infrastructure Event Management, Well-Architected & Ops Reviews. Adds SLA business critical system down <30m. AWS Enterprise On-Ramp Support Plan
Support plan for mission critical workloads. Adds designated TAM. Adds SLA Business critical system down <15m. AWS Enterprise Support Plan
AWS Desktop Application streaming service. Accessible from a web browser. Amazon AppStream 2.0
This service is used to convert media files in S3 into media files in the format required by consumer playback devices. Amazon Elastic Transcoder
This service makes use of GraphQL to store and sync data across web and mobile apps in real-time. Client code can be generated automatically and can be used with AWS Amplify. AWS AppSync
A set of tools and services that help you develop and deploy scalable full stack web and mobile applications. AWS Amplify
Fully-managed service that tests your web and mobile apps against desktop browsers, real mobile devices and tablets. AWS Device Farm
This service allows you to quickly and easily recover your physical, virtual and cloud-based servers into AWS. (For example protecting critical DBs, apps, or data from ransomware), utilizing continuous block-level replication for your servers. AWS Elastic Disaster Recovery (DRS), supports Failover and Failback
Assists with planning migration projects by gathering information about on-prem Data Centers, server utilization data and dependency mapping using agentless and agent-based discovery. The resulting data can then be viewed in another service called the ___ AWS Application Discovery Service AWS Migration Hub
This service provides a "lift-and-shift" solution to simplify migrating app to AWS by converting your physical, virtual and cloud-based servers to run natively on AWS. AWS Application Migration Service
This tool helps you build a data-driven business case for migration to AWS and provides a clear baseline of what your org is running today. AWS Migration Evaluator
Based on chaos engineering, this fully managed service is for running fault injection experiments on AWS workloads to observe how the system responds. AWS Fault Injection Simulator
For building a serverless visual workflow to orchestrate your Lambda functions. Some features include sequence, parallel, conditions, timeouts, error handling and allows implementation of a human approval feature. Step Functions
Fully managed service that lets you control satellite communications, process data, and scale your satellite operations. AWS Ground Station
Scalable 2-way (outbound/inbound) marketing communications service that supports email, SMS, push, voice and in-app messaging. Amazon Pinpoint
Created by: douros05