1. When you launch an Amazon Elastic Compute Cloud (Amazon EC2) instance, what does the instance type define?

    The amount of compute for an Amazon EC2 instance, including RAM, instance storage, CPU, and network bandwidth.

  2. When you launch an Amazon Elastic Compute Cloud (Amazon EC2) instance, what is defined by the Amazon Machine Image (AMI)?

    The initial software state of the instance when launched, including operating system, configuration, and additional installed programs.

  3. What is the drawback of Spot Instances?

    They can be terminated when the spot price goes above your current bid price.

  4. How does the Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance pricing model work?

    You pay up front to reserve compute for one or three years, locking in a lower cost in the process.

  5. What is the Amazon Elastic Compute Cloud (Amazon EC2) On Demand pricing model?

    You launch Amazon EC2 instances on request and pay the full hourly cost until you stop or terminate the instances. This is the most flexible and least cost-effective pricing model.

  6. How can you address an Amazon Elastic Compute Cloud (Amazon EC2) instance to connect over the Internet?

    By public IP address, elastic IP address, or DNS name.

  7. What is Enhanced Networking for Amazon Elastic Compute Cloud (Amazon EC2)?

    A setting to get higher packets per second, lower network jitter, and lower latencies.

  8. What type of block storage is provided at no additional charge with certain Amazon Elastic Compute Cloud (Amazon EC2) instance types?

    Instance Store (or ephemeral storage).

  9. VM Import/Export allows you to import existing virtual machines from your local environment and convert them to what?

    Amazon Elastic Compute Cloud (Amazon EC2) instances or Amazon Machine Images (AMIs).

  10. Which storage option continues to store data despite stopping and starting an instance?

    Amazon Elastic Block Store (Amazon EBS).

  11. What are the four network capacity ratings for Amazon Elastic Compute Cloud (Amazon EC2) instance types?

    Low, moderate, high, and 10 Gbps.

  12. What is instance metadata?

    Data about an Amazon Elastic Compute Cloud (Amazon EC2) instance—such as instance ID, instance type, and security groups—that can be obtained via an HTTP call from within the instance.

  13. What are the four properties of a security group rule?

    Traffic direction, port, protocol, and destination (or source) address.

  14. When an Amazon Elastic Compute Cloud (Amazon EC2) instance is a member of two security groups, what resulting traffic flow is allowed?

    The rules from each security group are aggregated to create one set of permissive rules, so the result is a union of all traffic allowed by the rules in both security groups.

  15. Which Amazon Elastic Block Store (Amazon EBS) volume type is the best choice for workloads such as large databases executing many transactions?

    Provisioned IOPS SSD.

  16. What Amazon Elastic Block Store (Amazon EBS) volume type is appropriate for cold and infrequently accessed data?

    Magnetic volumes.

  17. Which Amazon Elastic Block Store (Amazon EBS) volume type is appropriate for dev/test environments, small databases, and so forth?

    General-purpose SSD.

  18. What must an application running on an Amazon Elastic Compute Cloud (Amazon EC2) instance do differently to access data on an encrypted Amazon Elastic Block Store (Amazon EBS) volume?

    Nothing. Amazon EBS encryption is transparent to applications on the attached instances.

  19. What is an Amazon Elastic Block Store (Amazon EBS)-optimized instance?

    An instance that has additional, dedicated capacity for Amazon EBS I/O.

  20. What are Amazon Elastic Block Store (Amazon EBS) snapshots?

    Point-in-time backups of an Amazon EBS volume stored in Amazon Simple Storage Service (Amazon S3).

  21. What are the three principals that can authenticate and interact with AWS resources?

    The root user, IAM users, and roles.

  22. How can applications running on Amazon Elastic Compute Cloud (Amazon EC2) instances access the AWS Application Program Interface (API) without storing an access key on the instance?

    By associating the instance with an Amazon EC2 role (instance profile) so that Software Development Kit (SDK) applications running on the instance automatically acquire a temporary security token to access API calls.

  23. What is a best practice to increase the security of an AWS account root user?

    Use Multi-Factor Authentication (MFA) to protect against a password getting compromised by also requiring the possession of a device with a rotating One-Time Password (OTP).

  24. What is defined in a permission for an AWS Identity and Access Management (IAM) policy?

    Effect, service, action, and resource. The policy may also include one or more conditions.

  25. What are the three services of Amazon Kinesis?

    Amazon Kinesis Firehose, Amazon Kinesis Analytics, and Amazon Kinesis Streams.

  26. What analytics service is appropriate for big data already stored on AWS?

    Amazon Elastic MapReduce (Amazon EMR), Amazon’s managed Hadoop service.

  27. What is the difference between a transient Amazon Elastic MapReduce (Amazon EMR) cluster and a persistent Amazon EMR cluster?

    A transient cluster is shut down between analysis jobs, whereas a persistent cluster runs continuously. Data on the HDFS storage is lost when a transient cluster is shut down.

  28. Which service is designed to process and move data reliably between different AWS compute and storage services for tasks such as ETL?

    AWS Data Pipeline.

  29. What service provides customers with the ability to load very large (hundreds of TB) datasets onto AWS?

    AWS Import/Export provides multiple options to ship storage devices to be loaded directly into AWS.

  30. Which type of AWS Storage Gateway volume stores all data locally while replicating it to Amazon Simple Storage Service (Amazon S3)?

    Gateway-stored volumes.

  31. Which type of AWS Storage Gateway volume stores all data in Amazon Simple Storage Service (Amazon S3) and caches frequently used files locally?

    Gateway-cached volumes.

  32. Amazon CloudFront can provide Content Delivery Network (CDN) functionality for what type of origins?

    Essentially any web resource, including Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Elastic Load Balancing (ELB), Amazon Simple Storage Service (Amazon S3), and on-premises applications and sites.

  33. Does Amazon CloudFront support the accelerated delivery of static content, dynamic content, or both?


  34. How can you use Amazon CloudFront to serve private content?

    By using signed URLs, signed cookies, and Amazon Simple Storage Service (Amazon S3) Origin Access Identifiers.

  35. How does Amazon CloudFront accelerate delivery of content?

    By caching content at edge locations closer to the requestor to reduce latency.

  36. What is the main difference between Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Block Store (Amazon EBS)?

    Amazon S3 is object storage, whereas Amazon EBS is block storage.

  37. What methods are available to protect your data from accidental loss on Amazon Simple Storage Service (Amazon S3)?

    Enable versioning, enable MFA Delete, use Access Control Lists (ACLs), use Amazon S3 bucket policies, and use AWS Identity and Access Management (IAM) policies.

  38. How can you ensure the maximum performance for high-rate GET, PUT, and DELETE requests on Amazon Simple Storage Service (Amazon S3)?

    Add a random prefix to your object names.

  39. What are the four ways to encrypt data at rest on Amazon Simple Storage Service (Amazon S3)?

    Server Side Encryption (SSE) with AWS-managed keys, SSE with AWS Key Management Service (AWS KMS)-managed keys, SSE with customer-provided keys, and client-side encryption.

  40. Which Amazon Simple Storage Service (Amazon S3) operations have read-after-write consistency?

    Initial PUT requests. All other requests, including overwrite PUT requests, are eventually consistent.

  41. Which Amazon Simple Storage Service (Amazon S3) storage model has the lowest cost?

    Amazon Glacier.

  42. Which Amazon Simple Storage Service (Amazon S3) storage model trades durability for a lower cost?

    Amazon S3 Reduced Redundancy Storage (RRS).

  43. What are the three mechanisms to control access to objects in an Amazon Simple Storage Service (Amazon S3) bucket?

    Access Control Lists (ACLs), AWS Identity and Access Management (IAM) policies, and Amazon S3 bucket policies.

  44. What type of upload is automatically used by the AWS Command Line Interface (CLI) for uploading very large (>5GB) objects?

    Multipart upload.

  45. What are Amazon Simple Storage Service (Amazon S3) lifecycle configuration rules?

    A mechanism for controlling objects that have a well-defined lifecycle by moving them between storage classes or deleting them at specific time intervals.

  46. How does AWS verify its controls and processes for customers?

    Through reports, certifications, and third-party attestations, including multiple SOC and ISO certifications, FISMA, and ITAR.

  47. How can you be alerted if your Amazon Elastic Compute Cloud (Amazon EC2) instances have CPU utilization that is too high?

    Set up an Amazon CloudWatch alarm on the CPU utilization that sends an Amazon Simple Notification Service (Amazon SNS) message when the desired limit is exceeded. Subscribe to that Amazon SNS message with an email address or SMS text number.

  48. What are two methods for setting Amazon CloudWatch alarms for application-specific metrics on an Amazon Elastic Compute Cloud (Amazon EC2) instance?

    Publish the application metrics to CloudWatch with the CloudWatch Logs agent or publish custom metrics.

  49. How can you ensure that your Amazon Elastic Compute Cloud (Amazon EC2) instances do not share a host with any other customer’s Amazon EC2 instances?

    By specifying that the instances use the Dedicated Instances or Dedicated Hosts tenancy options.

  50. What are Placement Groups?

    A logical grouping of Amazon Elastic Compute Cloud (Amazon EC2) instances within a single availability zone that enables applications to participate in a low-latency, 10 Gbps network.

  51. What does it mean to design a highly available architecture on AWS?

    A system is highly available when it can withstand the failure of individual or multiple components. If you design architectures around the assumption that any component will eventually fail, then systems won’t fail when an individual component does.

  52. What is vertical scaling?

    Vertical scaling takes place through an increase in the specifications of an individual resource, such as upgrading a server with a larger hard drive, more memory, or a faster CPU.

  53. What is horizontal scaling?

    Horizontal scaling takes place through an increase in the number of resources. For example, Auto Scaling is a feature of Amazon Elastic Compute Cloud (Amazon EC2) that simplifies horizontally scaling a set of Amazon EC2 resources.

  54. What does it mean to have a stateless application?

    A stateless application needs no knowledge of previous interactions and stores no session information.

  55. What does it mean to have an elastic system?

    Elastic architectures can support growth in users, traffic, or data size with no drop in performance through linear scaling on top of a scalable architecture.

  56. What is AWS Elastic Load Balancing?

    A web service that improves an application’s availability by distributing incoming traffic between two or more Amazon Elastic Compute Cloud (Amazon EC2) instances.

  57. What is Amazon CloudWatch?

    A web service that acts as a metrics repository for AWS Cloud services. AWS Cloud services send metric data to Amazon CloudWatch, and you retrieve statistics based on those metrics.

  58. What are the two types of monitoring offered by Amazon CloudWatch?

    Basic monitoring and detailed monitoring. Basic monitoring collects metrics at five-minute intervals, and metrics are stored for two weeks. Detailed monitoring collects metrics at one-minute intervals, and metrics are stored for two weeks.

  59. What is a relational database?

    A database whose organization is based on the relational model of data. Communication to and from relational databases usually involves simple Structured Query Language (SQL) queries.

  60. What is a NoSQL database?

    A term used to describe high-performance, non-relational databases. NoSQL databases use a variety of data models, including document, graph, key/value, and columnar.

  61. What is a data warehouse?

    A central repository for data that can come from one or more data sources. This data repository is typically used for complex queries and analysis for management decisions about the business.

  62. How do you make an Amazon Relational Database Service (Amazon RDS) instance highly available?

    By selecting a Multi-AZ deployment.

  63. What are Recovery Point Objective (RPO) and Recovery Time Objective (RTO)?

    Commonly used in disaster recovery strategy, RPO is the amount of data loss measured in time, and RTO is the amount of time needed to restore a business process to its service level.

  64. What is Amazon Virtual Private Cloud (Amazon VPC)?

    A logically isolated network in the AWS Cloud.

  65. What does a route table do within an Amazon Virtual Private Cloud (Amazon VPC)?

    A route table is a set of rules (called routes) used to determine where network traffic is directed.

  66. What is the difference between a security group and a network Access Control List (ACL) within an Amazon Virtual Private Cloud (Amazon VPC)?

    A security group is a stateful firewall enforced at the Amazon Elastic Compute Cloud (Amazon EC2) instance layer, whereas a network ACL is a stateless firewall enforced at the subnet layer.

  67. What is an Amazon Virtual Private Cloud (Amazon VPC) subnet?

    A segment of an Amazon VPC’s IP address range where you can place isolated resources.

  68. What is Amazon Virtual Private Cloud (Amazon VPC) peering?

    A networking connection between two Amazon VPCs that enables instances in either Amazon VPC to communicate with each other as if they were within the same network. Peering is available only between Amazon VPCs in the same region.

  69. What is Amazon Simple Queue Service (Amazon SQS)?

    A web service that offers reliable and scalable hosted queues for storing messages as they travel between computers.

  70. What is Amazon Simple Workflow Service (Amazon SWF)?

    A fully managed service that helps developers build, run, and scale background jobs that have parallel or sequential steps.

  71. What is Amazon Simple Notification Service (Amazon SNS)?

    A fully managed web service that enables applications, end users, and devices to instantly send and receive notifications from the cloud.

  72. Name the types of endpoints that can be subscribed to an Amazon Simple Notification Service (Amazon SNS) topic.

    AWS Lambda function, Amazon Simple Queue Service (SQS) queue, HTTP endpoint, HTTPS endpoint, Email, Email-JSON, and SMS.

  73. What is an Amazon Simple Queue Service (Amazon SQS) visibility timeout?

    A period of time during which Amazon SQS prevents other components from receiving and processing a message because another component is already processing it.

  74. What is AWS Key Management Service (AWS KMS)?

    A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.

  75. What is the value of AWS CloudHSM?

    The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS Cloud. With AWS CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM.

  76. What is AWS CloudTrail?

    A web service that records AWS Application Program Interface (API) calls for your account and delivers log files to you.

  77. What is the AWS Directory Service?

    A managed service for connecting your AWS resources to an existing on-premises Microsoft Active Directory or to set up and operate a new, standalone directory in the AWS Cloud.

  78. What are the three types of directories offered by the AWS Directory Service?

    AWS Directory Service for Microsoft Active Directory (Enterprise Edition) (also referred to as Microsoft AD), Simple AD, and AD Connector.

  79. What is the AWS shared responsibility model?

    AWS is responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for securing anything you put on the cloud or connect to the cloud.

  80. What is an AWS region?

    A named set of AWS resources in the same geographical area. A region comprises at least two availability zones.

  81. What is an availability zone?

    A distinct location within a region that is insulated from failures in other availability zones and provides inexpensive, low-latency network connectivity to other availability zones in the same region.

  82. What is high-availability system design using AWS?

    High-availability system design is based on an architecture that takes advantage of multiple availability zones and regions. Distributing applications across multiple availability zones provides the ability to remain resilient in the face of most failure modes, including natural disasters or system failures.

  83. What are the three types of credentials available for use within AWS?

    Passwords, Multi-Factor Authentication (MFA) devices, and access keys.

  84. Which AWS service endpoints do not support HTTPS?

    None – all AWS service endpoints support HTTPS.

  85. What is AWS OpsWorks?

    A configuration management service that helps you configure and operate applications of all shapes and sizes using Chef.

  86. What is AWS CloudFormation?

    A service that helps you model and set up your AWS resources based on a JSON template. It allows organizations to deploy, modify, and update resources in a controlled and predictable way.

  87. What is AWS Elastic Beanstalk?

    A web service for deploying and managing applications in the AWS Cloud without worrying about the infrastructure that runs those applications.

  88. What is AWS Config?

    A fully managed service that provides an AWS resource inventory, configuration history, and configuration change notifications for better security and governance.

  89. What is AWS Trusted Advisor?

    A service that inspects your environment and makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps.

  90. What is Amazon Simple Queue Service (Amazon SQS) long polling?

    Long polling allows the Amazon SQS service to wait until a message is available in the queue before sending a response.

  91. What is the first architecture best practice of AWS?

    Design for failure and nothing will fail.

  92. Name two types of redundancy.

    Active and standby. Active redundancy means the load is evenly distributed across multiple resources and when one fails, the others absorb a larger workload. When a resource fails with standby redundancy, functionality is recovered on a secondary resource using a process called failover.

  93. What is elasticity?

    The ability for the system to grow based on increased demand and contract based on decreased demand, whether gradually over time or in response to a sudden change.

  94. What is defense in depth?

    A security paradigm where security is implemented at multiple layers within a system. These layers include the physical layer, network layer, system layer, and data layer.

  95. How many types of Elastic Load Balancers are offered within AWS?

    Two: Internet-facing load balancers and internal load balancers.

  96. What does connection draining do on an Elastic Load Balancer?

    It enables the load balancer to complete in-flight requests to instances that are de-registered or unhealthy.

  97. What is the benefit of enabling sticky sessions on an Elastic Load Balancer?

    Enabling sticky sessions on an Elastic Load Balancer ensures that all requests from the user during the session are sent to the same instance behind the Elastic Load Balancer.

  98. Name the four different types of Auto Scaling plans.

    Manual scaling, maintain current instance level, scheduled scaling, and dynamic scaling.

  99. In reference to relational databases, what is the difference between Online Transaction Processing (OLTP) and Online Analytical Processing (OLAP)?

    OLTP refers to transaction-oriented applications that are frequently writing and changing data (for example, data entry, e-commerce applications). OLAP is typically the domain of data warehouses and refers to reporting on or analyzing large data sets.

  100. What does loosely coupled mean and why is it important?

    Coupling is the degree of direct knowledge that one component has of another. Loose coupling is a design approach where components have very little or no direct knowledge of each other. Loosely coupled systems can scale to a greater extent than more tightly coupled systems.