What is the Shared Responsibility Model and what is each party responsible for? 1.22
AWS is responsible for the cloud (infrastructure, Data Centers etc)
Customers are responsible for what goes into the cloud (Data encryption, Custom software, access policies etc)
What is VPC Peering? 9.12
A networking link that allows you to connect one VPC with another. Doesn't have to be in the same account. Allows EC2 instances to communicate as if they were on the same network.
What is AWS User Notifications? 6.30
A centralized and unified way to configure and access notifications from various services. You can view notifications from across accounts, regions and services and customize delivery channels to receive notifications via email, chat bot or the AWS Console mobile app.
What is AWS Artifact? 5.11
What are AWS Decision Guides? 26.3
Decision Guides offer a clear overview of AWS services along with structured guidance to help you select the best options for your specific use cases. They also help you identify and evaluate the key criteria that should influence your decisions.
What is the Backup and Restore DR strategy? 1.17
Backups are made in the same AWS region as the source and duplicated into a different region. Has the lowest cost, but the slowest RTO
What are the differences between the public and private connectivity types for a NAT Gateway? 9.8
Public: Instances in a public NAT Gateway can connect to the internet through it but cannot receive unsolicited inbound connections from the internet
Private: Instances in private subnets can connect to other VPCs or your on-prem network through a private NAT Gateway. You can route traffic from the NAT Gateway through a transit gateway or a virtual private gateway
What is the Compute Optimizer and what resources does it work with? 6.10
Evaluates AWS resource configuration and usage and makes recommendations to decrease cost and improve performance.
EC2 instances
EC2 Autoscaling groups
EBS Volumes
Lambda functions
What are the two main ways to set up Cross Account Access? 5.10
Resource-based policies - The trusting account specifies which principals from other accounts can access a resource. Principals retain their original permissions while gaining access to the shared resource. Principals can be IAM users, federated users, roles or AWS services
IAM Roles - Allow an account to delegate access to resources by creating a role that can be assumed by a principal from an outside account.
What is an AWS Service Endpoint? 1.21
An AWS service endpoint is a specific URL that denotes a service within the AWS ecosystem. They let you securely communicate with and request APIs from AWS services without using the open internet
Compare and contrast Global Accelerator and CloudFront 9.45
They both use the AWS global network and its edge locations worldwide to offer their services to customers
CF boosts performance for both cacheable and interactive content output
GA increases performance by proxying packets for a wide variety of apps over TCP & UDP by routing them across regions
What does AWS Grafana do? 6.13
Makes it easy to deploy, operate, and scale the Grafana data visualization tool. Lets you build dashboards and visualizations for metrics, logs, and traces from multiple data sources
Integrates with Operational data sources (CloudWatch, OpenSearch, X-Ray etc) as well as open-source and 3rd party data sources.
When the Policy Evaluation logic is determining if an action is denied, in what order does it check policies? 5.9
SCP/RCP -> Resource-based policies -> Identity based policies -> IAM permission boundaries -> session policies.
What are the protocols supported by the AWS Transfer Family? 8.68
Secure File Transfer Protocol (SFTP)
File Transfer Protocol Secure (FTPS)
File Transfer Protocol (FTP)
Applicability Statement 2 (AS2)
What are the Goals of Cost Optimization and can you list the 5 design Principles? 1.13
Keep expenses as low as possible
1. Implement Cloud financial management
2. Adopt a Consumption model
3. Measure overall efficiency
4. Stop spending money on undifferentiated heavy lifting
5. Analyze and attribute expenditure
What is AWS Cloud Map, what does it do? 9.30
A service for finding cloud resources. You can give your app resources custom names and the service will automatically update the locations of resources that move around.
What are the differences between GuardDuty, Detective, and Security Hub? 6.33
GuardDuty is a threat detection service that continuously monitors for malicious and unwanted activity
Detective eliminates the time and resources needed to investigate security findings and determine the underlying cause. Monitors CloudTrail logs and GuardDuty results and presents you with a single interactive view of your resources, users and interactions between them
Security Hub aggregates, organizes and prioritizes the security warnings from AWS services
What can AWS Private Certificate Authority do? 5.25
Simplifies the management of private digital certificates and lets you establish cert authority hierarchies without the need of CA infrastructure. Can issue X.509 certs for various purposes such as:
Setting up secure TLS channels with encryption
Authenticating users/endpoints/devices
Applying cryptographic signatures to code
Implementing the OCSP to check the revocation status of certs
What is the Cost Optimization Hub and what are some of its recommendation types? 23.8
Provides a single dashboard to consolidate and identify over 15 different types of AWS cost optimization recommendations across AWS accounts and regions. Recommendation types include:
right-sizing EC2 instances, migrating to Graviton, detecting idle resources and utilizing savings plans, reserving capacity and nodes/instances.
What are the 6 pillars of the Well-Architected Framework and what do they cover? 1.8
1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization
6. Sustainability
What are Signed URLs and Signed Cookies for and when would you use each one? 9.28
These are both for sharing private S3 contents to designated users.
Signed URLs are for individual files or for when a client doesn't support cookies.
Signed Cookies are for multiple files that you don't want to update every URL for.
What is AWS Control Tower and what are its core features? 6.12
A service that makes it easy to set up and manage a secure, compliant multi-account AWS environment using best practices.
Landing Zone - All OUs that you want to be subject to compliance are kept in the LZ
Controls - High level rules (guardrails) that help you run your environment.
Account Factory - A customizable account template that makes it easier to set up new accounts with approved configurations.
Dashboard - Lets you keep an eye on the LZ
What is AWS Payment Cryptography for and what are some of the features? 5.27
Simplifies the process of implementing cryptographic operations for securing data in payment processing apps. It adheres to various industry standards and rules such as PCI, network and ANSI standards.
Enables key generation and electronic import/export, automates key management tasks, manages physical HSM infrastructure and meets key management requirements to ensure compliance.
What is Amazon MQ and when would you use it over other Amazon services? 16.5
It is a message broker service for Apache ActiveMQ and RabbitMQ that simplifies the deployment and operation of cloud-based message brokers. You have direct access to the ActiveMQ and RabbitMQ consoles as well as APIs and protocols for messaging.
You would only use this instead of SNS and SQS if you're already relying on an MQ service and are not ready to change protocol.