AWS Certified Cloud Practitioner – 002: Questions and answers

As an AWS startup solutions architect I work closely with early stage startups, helping them with general guidance, performing architecture reviews, discussing best practices, security, reliability, cost optimization, and other general questions.

https://aws.amazon.com/blogs/startups/how-to-set-aws-budget-when-paying-with-aws-credits/

Glacier is used for archival data storage. It can be configured for 3-5 minute recovery, 3-5 hour recovery, or 5-12 hour recovery.

https://aws.amazon.com/glacier/

This Acceptable Use Policy (this “Policy”) describes prohibited uses of the web services offered by Amazon Web Services, Inc. and its affiliates (the “Services”) and the website located at http://aws.amazon.com (the “AWS Site”). The examples described in this Policy are not exhaustive. We may modify this Policy at any time by posting a revised version on the AWS Site. By using the Services or accessing the AWS Site, you agree to the latest version of this Policy. If you violate the Policy or authorize or help others to do so, we may suspend or terminate your use of the Services.

https://aws.amazon.com/aup/

AWS endpoints are used to connect VPCs to AWS services. It allows instances in a VPC to access resources in another VPC through the endpoint.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

Adopting the AWS Cloud can provide you with sustainable business advantages. Supplementing your team with specialized skills and experience can help you achieve those results. The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.

https://aws.amazon.com/professional-services/

An ENI can have one public address and multiple private addresses. This allows the interface to connect to the cloud and the Internet.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Under-the-hood, AWS uses prefixes attached to object names to virtualize folders. Folders do not actually exist in the S3 bucket.

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-folders.html

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases.

https://aws.amazon.com/dms/

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It’s a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

https://aws.amazon.com/s3/faqs

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.

Each VPC must have a route to the other (peer) VPC in the routing table.

https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html

Each VPC must have a route to the other (peer) VPC in the routing table.

https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html

A metric alarm watches a single CloudWatch metric or the result of a math expression based on CloudWatch metrics. The alarm performs one or more actions based on the value of the metric or expression relative to a threshold over a number of time periods. The action can be an Amazon EC2 action, an Amazon EC2 Auto Scaling action, or a notification sent to an Amazon SNS topic.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html

While security is not necessarily decreased in cloud computing, it is certainly not increased.

AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes

The AWS APIs are largely based on REST as it uses HTTP method for communications.

https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html

Elastic Block Store (EBS) is used to create volumes that are attached to EC2 instances for block-level access.

https://aws.amazon.com/ebs/

There is a limit of 10 tags per S3 object, so they should be planned well within your organization.

https://aws.amazon.com/s3/

AWS responsibility “Security of the Cloud” – AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

https://aws.amazon.com/compliance/shared-responsibility-model/

You can configure the following parameters in DHCP options: Domain Name Servers, Domain Name, NTP Servers, NetBIOS name servers, and NetBIOS node types.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html

Visibility into your AWS account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. Optionally, you can enable AWS CloudTrail Insights on a trail to help you identify and respond to unusual activity.

You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of trails you create, and control how users view CloudTrail events.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html

Security parameters may be used for this. Encryption does not limit user access. Encryption is used for storage security and anyone with access will still be able to access the encrypted data through automatic decryption.

https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge

Infrastructure as a Service (IaaS) is a reference to the entire infrastructure (networking, services, servers, etc.) in the cloud.

CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customize the user experience

https://aws.amazon.com/cloudfront/

Availability Zones are within regions, and resilient networks are built between data centers in the Availability Zone.

EIPs are allocated to your account and remain allocated until you release them. All EIPs come with a charge, so they should be released when no longer required.

https://aws.amazon.com/premiumsupport/knowledge-center/elastic-ip-charges/

VPC peering is not transitive. This simply means that peering does not pass through. For example, if VPC1 is peered with VPC2 and VPC2 is peered with VPC3, this does not mean that VPC1 is peered with VPC3. All peers must be directly configured.

https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html

Security in the cloud is the responsibility of the customer. Security of the cloud is the responsibility of Amazon.

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

https://aws.amazon.com/vpc/

After creating a VPC, you will need to create one or more subnets. The instances will be configured to connect to one of these subnets.

https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html

VPN, IPSec, and L2TP are all network-based security solutions. Encryption can be implemented in S3 buckets for storage-based security

https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need and select from a number of versions and editions. SQL Server on Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) gives you complete control over every setting, just like when it’s installed on-premises. Amazon Relational Database Service (Amazon RDS) is a fully managed service that takes care of all the maintenance, backups, and patching for you.

https://aws.amazon.com/sql/

The AWS Partner Network (APN) is the global partner program for technology and consulting businesses who leverage Amazon Web Services to build solutions and services for customers. The APN helps companies build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support.

https://aws.amazon.com/partners/

An instance is an instance or implementation of an AWS machine image (AMI).

Making Application Failover Seamless by Failing Over Your Private Virtual IP Across Availability Zones

https://aws.amazon.com/blogs/apn/making-application-failover-seamless-by-failing-over-your-private-virtual-ip-across-availability-zones/

Compute services include EC2, Lambda, and Elastic Beanstalk, among others. EBS is a storage service for block-level access.