AWS Intro to Cloud Computing Midterm/Final

Which AWS pricing model offers no upfront payments and a smaller discount?

NURI (No Upfront Payments Reserved Instance)

This cloud service model included computer (virtual or hardware), networking feature, and data storage space (EC2, EBS, VPC)

Infrastructure as a service (IaaS)

This cloud computing model includes the deployment and management of developed applications (Lambda, RDS, Elastic Beanstalk, Cloud9)

Platform as a service (PaaS)

This cloud computing mode provides end-user applications such as web-based email (AWS Shield, Trusted Advisor, Chime)

Software as a service (SaaS)

What are the examples of?

· High availability

· Elasticity

· Agility

· Durability

· Security

· Reliability

· On-demand

· Pay-as-you go

· Scalability

· Global reach

· Economy of scale

The benefits of cloud computing

This cloud deployment model uses cloud-based applications and is deployed and operates entirely in the cloud, leveraging cloud computing for creation or migration, and can be built on varying levels of infrastructure services.

public cloud

This cloud deployment model connects cloud-based resources with existing on-premises infrastructure, allowing organizations to extend their infrastructure into the cloud and link cloud resources to internal systems.

hybrid

This cloud deployment model is on-premises and involves using virtualization and resource management tools to offer dedicated resources and improve utilization, resembling traditional IT infrastructure while attempting to incorporate some cloud computing efficiencies; you manage the servers in your data center

private cloud (on-premises)

The following are examples of what?

Trade capital expense for variable or operational expense, benefit from massive economies of scale, stop guessing capacity, increase speed and agility, stop spending money on running and maintaining data centers, go global in minutes.

advantages of cloud computing

A benefit of cloud computing is that you can run one app in multiple _____

availability zones

Which AWS services allows users to write code in an IDE within a web browser?

Cloud9

Which AWS service is a a source control system for private git repositories?

CodeCommit

Which AWS support plan is the lowest AWS tier, supporting general guidance response time in less than <24 hours and system impaired response time in less than <12 hours? It is only available during business hours through web access to Cloud Support Associates.

Developer

Which AWS support plan provides contextual support to your use-case, a full-set of AWS trusted advisor checks, general guidance in< 24 hours, system impaired in < 12 hours, and 24/7 phone, web, and chat access to Cloud Support Engineers?

Business

Which AWS support plan is recommended if you have production and/or business critical workloads in AWS. It includes a full-set of AWS Trusted Advisor checks, business-critical system downtime response in < 30 minutes, a pool of TAMs (technical account manager) and access to AWS Managed Services (AMS)?

enterprise on ramp

Which AWS support plan is recommended if you have business and/or mission critical workloads in AWS. It offers a business/mission-critical system down response < 15 minutes, a designated Technical Account Manager (TAM), and is the only plan to offer AWS Incident Detection and Response?

enterprise

True of false: you don't have to pay for outbound data transfer

false

True or false: you have to pay for compute and storage services

true (compute varies by instance and storage is typically charged by GB)

IAM, CloudFront, and Route 53 are all example of ___ services.

global

True or false: VPC, Elastic Beanstalk, and Autoscaling are charged services.

false (these services are at no charge)

True or false: Cloud Formation, AWS Organization, and OpsWorks are free services

true

This compares the costs of running application(s) on an on-premise or traditional environment versus the AWS cloud environment

TCO (total cost of of ownership)

The number of servers and storage amount will affect this.

TCO

Which AWS service gives you the status of all AWS services across all regions?

Health Dashboard

AWS ____ allows offers consolidated billing and allows you to centrally control AWS services across multiple AWS accounts?

Organizations

AWS _____ offers APIs to automate the creation and management of new AWS accounts

Organizations

AWS _____ allows you to create groups of accounts and then attach service control policies (SCPs) to a group, allows you to create service boundaries.

Organizations

AWS ______ dashboard provides the status of the month-to-date expenditure of an an AWS account

billing

AWS ____ view the AWS cost data as graphs for visualization, understanding, and management and usage over time

cost explorer

AWS _____ uses the visualization provided by Cost Explorer to show the status of your budgets and to provides forecast of your estimated costs. You can also configure notifications to be sent via email or AWS SNS

budgets

AWS ____ is a single location for accessing comprehensive info about your AWS costs and usage

cost and usage report

Who is a real person that is a designated point of contact that proactively monitors your AWS environments and assists with optimization?

technical account manager

AWS ____ is an online cloud expert who assists you in following best practices to increase performance and fault tolerance within and AWS environment

trusted advisor

Which support plan offers resource Center access, Service Health Dashboard, product FAQs, discussion forums, and support for health checks, but no case support?

basic (plan)

This consists of one or more fully isolated data center

Availability Zone (AZ)

This consists of two or more availability zones that are physically separated

Region

AWS CloudFront uses _____ as an endpoint for caching content and reducing latency

edge locations

What is used for content that is infrequently accessed?

regional edge cache

Amazon ___ offers unlimited object storage for files up to 5TB and is not for OS or DB storage

S3

Amazon ____ is a highly available and scalable block storage that can be attached to an EC2 instance for both throughput and transaction intensive workloads. You can use it for OS or DB storage.

elastic block store

EC2 _____ is local storage that is physically attached to the host computer and cannot be removed. It its temporary storage (ephemeral) because the data is lost when the EC2 instance is terminated.

instance store

Amazon _______ provides a scalable, fully managed or serverless elastic Network File System (NFS) file system for use with AWS Cloud services and on-premises resources to share files.

elastic file system

Amazon ______ provides resizable compute capacity as virtual machines in the cloud.

EC2

Amazon EC2 ____ _____ enable you to automatically add or remove EC2 instances according to conditions you define

auto scaling

AWS _____ enables you to run code without provisioning or managing servers and you only pay for the compute time you consume

Lambda

AWS ____ ____ is service for deploying and scaling web applications and services on familiar server such as Apache Microsoft Internet Information Services (IIS)

elastic beanstalk

Amazon ______ is a highly scalable, performant container orchestration service that supports docker containers

elastic container service (ECS)

Amazon _____ is fully managed Docker container registry that makes it easy for devs to store, manage, and deploy Docker container images

elastic container registry

AWS ____ makes it easy to deploy, manage, and scale containerized applications that use open-source Kubernetes on AWS.

elastic kubernetes services (EKS)

Amazon ____ is a fast content delivery (CDN) service

CloudFront

AWS _____ ______ is a service that enables customers to connect their amazon VPCs to their on-premises networks to a single gateway

transit gateway

Amazon _____ is a scalable cloud Domain Name System (DNS)

route 53

AWS Transit gateway is often used for ____

VPC peering (a hub for connecting VPCs)

AWS ____ _____ establies a dedicated private network connection from your data center of office to AWS, which can reduce networks costs and increase bandwidth throughput

direct connect

AWS ____ allows your to restrict what services and actions are allowed in your account

organizations

AWS _____ enables you to manage access to AWS services and resources securely. You this service to grant permissions to allow and deny user and group access to AWS resources.

Identity and account management (IAM)

AWS ___ is DDOS protection service

shield

AWS ____ enables you to create and manage keys

key management service

Amazon _____ allows you to monitor resources and applications

CloudWatch

AWS ____ enables you to asses, monitor, audit, and evaluate the configuration of your AWS resource against a desired configuration

config

Which AWS service would you use to track if a user terminates an EC2 instance?

CloudTrail

Which AWS service allows you track API calls?

CloudTrail

AWS ___ is used for tracking user activity and API usage

CloudTrail

Which AWS service can be used to transform an excel file in an S3 bucket into a queryable file?

glue

Which AWS service is serverless query service that your would you to run a query on a file generated by AWS Glue?

athena

Which AWS service allows you to query without provisioning a database server?

athena

To host a static website, you might use Amazon ___

S3

To host a dynamic website you might use elastic beanstalk or an ______

EC2 instance

This AWS service allows you to write code within an integrated development environment (IDE) from within a web browser and supports popular programming languages

Cloud9

Which AWS service helps you debug production applications?

x-ray

Patch management, configuration management, and awareness and training are examples of ______ responsibilities

shared

Protecting infrastructure, physical and environmental controls are examples of ____ responsibilities

AWS

True of false: You the customer are responsible for managed services like S3, DynamoDB, RDS, and Lambda

false (AWS is responsible for these managed services)

Management of the guest OS inside EC2 instances, firewall and network configuration, IAM, and server-side and client-side encryption are examples of _____ responsibilities

customer

True or false: AWS is responsible for security group configuration and installed software

false (this is a customer responsibility)

True or false: patching the host OS is a shared responsibility

true

True of false: the customer is responsible for installed software

true

An IAM ____ is a person or application that is defined in an AWS account

user

An IAM ____ is a collection of IAM users that helps you apply common access controls to all group members

group

An access key ID and a secret access key are required for ____ access

programmatic

To follow best practices to secure an AWS account, secure logins with ____ enabled is encouraged

MFA

True or false: You should not delete account root user access keys

false (Deleting account root user access keys and creating and admin user instead of root is encouraged)

To follow best practices to secure an AWS account, you should use ____ to assign permissions to IAM users

groups

To follow best practices to secure an AWS account, you should configure a strong ____ policy

password

Amazon encourages enabling a _____ _____ such as the AWS Cost and Usage Report to follow best security practices

billing report

True or false: to follow best AWS security practices you should delete the root user and instead create an admin

true

AWS ____ enables you to assess, monitor, audit, and evaluate the configuration of AWS resources or state of the architecture. It tracks configuration changes over time and provides notifications via SNS of every configuration change.

config

AWS ___ provides an automated security assessment that helps you import the security and complied of application deployed on AWS. It performs vulnerability assessments for EC2 hosts and VPCs

inspector

AWS ____ is a hardware security module (HSM). It is a dedicated physical machine that you provision and own that is used to generate and use its own encryption keys on the AWS cloud. No key rotation is available.

CloudHSM

AWS ____ enables you to create and manage keys. It provides automatic key rotation if the customer master key (CMK) is generated with an HSM managed by AWS KMS.

key management service (KMS)

AWS ___ provides protection form layer 4 (transport layer) such as TCP SYN/UDP floods or NTP amplification attacks and layer 7 (application layer) attacks such as floods of GET/POST requests

shield

AWS _____ protects web application from layer 7 or application layer DDoS attacks, SQL injection, and cross-site-scripting attacks by monitoring HTTP and HTTPS requests.

web application firewall (WAF)

True of false: a VPC spans multiple availability zones and multiple regions

false (while a VPC does span multiple AZs, a VPC only belongs to one region)

A _____ within a VPC spans only one availability zone

subnet

True or false: a subnet can be public or private

true

The largest IPv4 CIDR block size for a subnet is

16

3 multiple choice options

The smallest IPV4 CIDR block size is

28

3 multiple choice options

True or false: 10.0.0.0/29 a valid network address in AWS

false

An ____ IP address is a static IP address associated with and AWS account that be remapped to another account at anytime

elastic

A ____ gateway enable instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances

NAT (network address translation)