Which of the following AWS services can be used as a compute resource? (Choose two)

1. You have just set up your AWS environment and have created six IAM user accounts for the DevOps team. What is the AWS recommendation when granting permissions to those IAM accounts?

The principle of least privilege (PoLP): It requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.

2. You are using several on-demand EC2 Instances to run your development environment. What is the best way to reduce your charges when these instances are not in use?

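AWS does not charge usage or data transfer fees for a stopped instance. For a stopped instance, it charges only for the storage of the EBS volumes.

If you delete all the EBS volumes to cut costs, the data is deleted too. Likewise, if you replace the instance without an AMI image, you also lose the data.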

3. A company has infrastructure hosted in an on-premises data center. They currently have an operations team that takes care of ID management. If they decide to migrate to the AWS cloud, which of the following services would help them perform the same role in AWS?

Federation: enables users to access and use aws resources using their existing corporate credentials.

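The question is not about keeping the ID management system they already have, but about using an AWS cloud service that performs the same role, so federation is the wrong answer. Watch out for mistakes here.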

4. An organization needs to build a financial application that requires support for ACID transactions. Which AWS database service is most appropriate in this case?

The question is about ACID transactions, which are a characteristic of an RDBMS, so RDS, AWS's own RDBMS, is the answer.

5. Which of the following AWS services uses Puppet to automate how EC2 instances are configured?

Personally, whenever Chef or Puppet comes up, the answer is always OpsWorks.

OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments. OpsWorks has three offerings: AWS OpsWorks for Chef Automate, AWS OpsWorks for Puppet Enterprise, and AWS OpsWorks Stacks.

CloudTrail: a service that tracks all users' actions in your account.

CloudFormation: used to manage your entire infrastructure as code.

Quick Starts: automated reference deployments for key workloads on the AWS Cloud. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability.

6. Which of the following services gives you access to all AWS auditor-issued reports and certifications?

To view certifications, auditor-issued reports and the like, the answer is Artifact. Watch out for mistakes here.

Artifact: your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include AWS Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

Access all of AWS’ auditor-issued reports, certifications, accreditations and other third-party attestations.

CloudWatch: used to monitor the utilization of AWS cloud resources.

CloudTrail: a service that tracks all users' actions in your account. It provides visibility into user activity by recording actions taken on your account, including who made the request, the services used, the actions performed, parameters for the actions, and the response elements returned by the AWS service. This information helps you to track changes made to your AWS resources and to troubleshoot operational issues.

Config: a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.

7. What does the Amazon CloudFront service provide? (Choose two) (Weak spot for memorization.)

Caches common responses

Delivers content to end users with low latency

Amazon CloudFront employs a global network of edge locations and regional edge caches that cache copies of your content (Caches common responses) close to your end-users. Amazon CloudFront ensures that end-user requests are serviced by the closest edge location. As a result, requests travel a short distance, improving performance for your end-users (Delivers content to end users with low latency). To service requests for files not cached at the edge locations and the regional edge caches, Amazon CloudFront maintains persistent connections with your origin servers so that those files can be fetched from the origin servers as quickly as possible.

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers worldwide with low latency (Delivers content to end users with low latency) and high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS, both through physical locations that are directly connected to the AWS global infrastructure and through other AWS services. CloudFront works seamlessly with a range of services: AWS Shield for DDoS mitigation; Amazon S3, Elastic Load Balancing (ELB) or Amazon EC2 as origins for your applications; and Lambda@Edge to run custom code close to your customers' users and provide a customized user experience. Lastly, if you use AWS origins such as Amazon S3, Amazon EC2 or Elastic Load Balancing, you do not pay for data transferred between these services and CloudFront.

8. What does AWS Cost Explorer provide to help manage your AWS spend?

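The cost forecast capabilities use machine learning on past spending patterns to forecast costs for the next 12 months. They do not estimate costs from expected usage. It is not a simple estimate; it uses learning.

Producing a cost estimate from expected usage (Accurate estimates of AWS services costs based on your expected usage) is the job of the AWS Simple Monthly Calculator.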

Cost Explorer: an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Cost Explorer’s cost forecast capabilities use machine learning to learn each customer’s historical spend patterns and use that information to forecast expected costs. Cost Explorer’s forecasting enables you to get a better idea of what your costs and usage may look like in the future, so that you can plan ahead. Forecasting capabilities have been enhanced to support twelve month forecasts (previously forecasts were limited to three months) for multiple cost metrics, including unblended and amortized costs.

9. You are running a financial services web application on AWS. The application uses a MySQL database to store the data. Which of the following AWS services would improve the performance of your application by allowing you to retrieve information from fast in-memory caches?

ElastiCache: offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

The primary purpose of an in-memory data store is to provide ultrafast (submillisecond latency) and inexpensive access to copies of data. Querying a database is always slower and more expensive than locating a copy of that data in a cache. Some database queries are especially expensive to perform. An example is queries that involve joins across multiple tables or queries with intensive calculations. By caching (storing) such query results, you pay the price of the query only once. Then you can quickly retrieve the data multiple times without having to re-execute the query. (Weak spot for memorization.)

Neptune: a graph database service.

DAX: a caching feature for use with Amazon DynamoDB - which is a NoSQL database - and the application specified uses a MySQL database.

EFS: a storage service.

10. Which of the following strategies help analyze costs in AWS?

Tags are useful when viewing billing information with Cost Explorer and the Cost and Usage report. The statement that CloudFormation automates the deployment of resources is true, but it is not relevant to cost analysis.

Tags: key-value pairs that allow you to organize your AWS resources into groups.

You can use tags to:

1- Visualize information about tagged resources in one place, in conjunction with Resource Groups.

2- View billing information using Cost Explorer and the AWS Cost and Usage report.

3- Send notifications about spending limits using AWS Budgets.

It is recommended to use logical groupings of your resources that make sense for your infrastructure or business. You could organize your resources by: Project, Cost center, Development environment, Application or Department. For example, if you tag resources with an application name, you can track the total cost of a single application that runs on those resources.

CloudFormation: used to manage your entire infrastructure as code. Automating the deployment of your resources through scripts allows you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts, enabling configuration compliance and faster troubleshooting.

Inspector: a security assessment service for your applications.

11. Which of the following AWS services helps migrate your current on-premise databases to AWS?

On-premises refers to installing and operating software and other solutions directly on servers in a server room you own, rather than in a remote environment such as the cloud. Because on-premises was the usual way to build enterprise infrastructure before cloud computing appeared, the term is often used together with words such as "legacy" or "traditional".

DMS: Database Migration Service. It helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. (Just memorize.)

S3 Transfer Acceleration: helps to read and write data to Amazon S3 over long geographic distances with low latency.

CloudEndure: enables you to migrate running machine images into EC2 with their data.

CloudFront: employs a global network of edge locations and regional edge caches that cache copies of your content (Caches common responses) close to your end-users. Amazon CloudFront ensures that end-user requests are serviced by the closest edge location. As a result, requests travel a short distance, improving performance for your end-users (Delivers content to end users with low latency). To service requests for files not cached at the edge locations and the regional edge caches, Amazon CloudFront maintains persistent connections with your origin servers so that those files can be fetched from the origin servers as quickly as possible. (Weak spot for memorization.)

12. Which statement is true in relation to the security of Amazon EC2?

You should regularly patch the operating system and applications on your EC2 instances. EC2 is not a managed service, so you have to patch, update, and secure it regularly.

Athena: an interactive query service that enables you to analyze data in S3 using standard SQL.

13. Amazon EBS volumes can be attached to which of the following compute resources?

EC2, of course.

EBS volume: a durable, block-level storage device that can be attached to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for database software.

Lambda: a serverless compute service. You cannot attach EBS volumes to Lambda.

Fargate: tasks only support non-persistent storage volumes.

Lambda@Edge: a feature of CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency. With Lambda@Edge, you do not have to provision or manage infrastructure in multiple locations around the world. You pay only for the compute time you use, and there is no charge when your code is not running. You cannot attach EBS volumes to Lambda@Edge.

14. Which of the following services provide real-time auditing for compliance and vulnerabilities? (Choose two) (Guessed.)

Services like AWS Config, Amazon Inspector, and AWS Trusted Advisor continually monitor for compliance or vulnerabilities giving you a clear overview of which IT resources are in compliance, and which are not. With AWS Config rules you will also know if some component was out of compliance even for a brief period of time, making both point-in-time and period-in-time audits very effective.

MQ: a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.

Redshift: a data warehousing service.

Cognito: lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. (Weak spot for memorization.)

15. Which service helps you by collecting important metrics from a running EC2 instance?

CloudWatch: a monitoring service for AWS cloud resources and the applications you run on AWS, used to monitor the utilization of AWS cloud resources. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

CloudTrail logs: include details about any API calls made to your AWS services.

CloudFormation: used to manage your entire infrastructure as code. Automating the deployment of your resources through scripts allows you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts, enabling configuration compliance and faster troubleshooting. (Weak spot for memorization.)

Inspector: an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

16. Which of the following will affect how much you are charged for storing objects in S3? (Choose two)

S3 pricing is based on four factors:

1- The storage class you have chosen. (The storage class used for the objects stored.)

2- The total amount of data (in GB) you’ve stored. (The total size in gigabytes of all objects stored.)

3- Data Transfer Out.

4- Number of Requests.

Using default encryption for any number of S3 buckets: default encryption on any number of S3 buckets(?) does not affect pricing.

Creating and deleting S3 buckets: changing the number of buckets is free; pricing is based on the total amount of data in the buckets.

The number of EBS volumes attached to your instances: Amazon EBS is a different AWS storage service, separate from S3. Amazon EBS is a block level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS.

EBS: a durable, block-level storage device that can be attached to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for database software.

17. How are S3 storage classes rated?

Each S3 storage class is rated on its availability and durability.

Availability & Scalability: scalability is not something S3 storage classes are rated on; S3 can simply store an unlimited amount of data, and every storage class has the same level of scalability. All S3 storage classes provide the same level of storage scalability. S3 will scale to store any amount of data from anywhere.

S3 storage classes:

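Standard: provides object storage with high durability, availability, and performance for frequently accessed data. Because S3 Standard delivers low latency and high throughput, it suits a wide variety of use cases, including cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics.

Intelligent-Tiering: unknown or changing access. Designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. This storage class works by storing objects in two access tiers: one tier is optimized for frequent access, and another lower-cost tier is optimized for infrequent access.

Standard-Infrequent Access (Standard-IA): infrequent access. For data that is accessed less frequently but requires rapid access when needed. Ideal for long-term storage, backups, and as a data store for disaster recovery files.

One Zone-Infrequent Access (One Zone-IA): infrequent access. For data that is accessed less frequently but requires rapid access when needed. Unlike other S3 storage classes, which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. It suits customers who do not need that availability and resilience. It is a good choice for storing secondary backup copies of on-premises data or data that can easily be re-created.

Glacier: archive. A secure, durable, and low-cost storage class.

  • Designed to provide 99.999999999% object durability across multiple Availability Zones
  • Data stays resilient even if an entire Availability Zone is destroyed
  • Supports SSL for data in transit and encryption of data at rest
  • Low-cost design that is ideal for long-term archive
  • Configurable retrieval times, from minutes to hours
  • S3 PUT API for direct uploads to S3 Glacier, and S3 Lifecycle management for automatic migration of objects

Glacier Deep Archive (S3 Glacier Deep Archive): the lowest-cost storage class; it supports long-term retention and digital preservation for data that may be accessed once or twice a year. It is designed for customers that retain data sets for 7-10 years or longer to meet regulatory compliance requirements, particularly those in highly regulated industries such as financial services, healthcare, and the public sector.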

18. Why are Serverless Architectures more economical than Server-based Architectures?

Serverless architectures can reduce costs because you don’t have to manage or pay for underutilized servers, or provision redundant infrastructure to implement high availability. For example, you can upload your code to the AWS Lambda compute service, and the service can run the code on your behalf using AWS infrastructure. With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered.

19. For compliance and regulatory purposes, a government agency requires that their applications must run on hardware that’s dedicated to them only. How can you meet this requirement?

When you launch instances on a Dedicated Host, the instances run on a physical server that is dedicated for your use. While Dedicated instances also run on dedicated hardware, Dedicated Hosts provide further visibility and control by allowing you to place your instances on a specific, physical server. This enables you to deploy instances using configurations that help address corporate compliance and regulatory requirements.

Amazon EC2 purchasing options include:

On-Demand

Savings Plans

Reserved Instances

Spot Instances

Dedicated Hosts

Dedicated instances

The difference between Dedicated Hosts and Dedicated Instances:

1- Dedicated Instances guarantee that the instances will run on hardware that's dedicated to a single AWS account. But, as we mentioned above, Dedicated Instances may share hardware with other instances from the same AWS account that are not Dedicated Instances. That is not the case with Dedicated hosts. Dedicated hosts allow you to control how instances are placed on a specific physical server, and you can consistently deploy your instances to the same physical server over time. For that reason, Dedicated Hosts is a better option to handle compliance and regulatory requirements in most scenarios.

2- Dedicated hosts enable you to benefit from the Bring Your Own License (BYOL) model for almost every BYOL scenario, while only certain scenarios are supported by Dedicated Instances. The BYOL model enables AWS customers to use their existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server. Dedicated Hosts provide additional control over your instances and visibility into Host level resources and tooling that allows you to manage software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server. This is why most BYOL scenarios are supported through the use of Dedicated Hosts, while only certain scenarios are supported by Dedicated Instances.

20. Which of the following are factors to consider for Amazon EBS pricing? (Choose two)

Amazon EBS pricing has three factors:  

1- Volumes: Volume storage for all EBS volume types is charged by the amount of GB you provision per month, until you release the storage. 

2- Snapshots: Snapshot storage is based on the amount of space your data consumes in Amazon S3. Because Amazon EBS does not save empty blocks, it is likely that the snapshot size will be considerably less than your volume size. Copying EBS snapshots is charged based on the volume of data transferred across regions. For the first snapshot of a volume, Amazon EBS saves a full copy of your data to Amazon S3. For each incremental snapshot, only the changed part of your Amazon EBS volume is saved. After the snapshot is copied, standard EBS snapshot charges apply for storage in the destination region. 

3- Data transfer: Consider the amount of data transferred out of your application. Inbound data transfer is free, and outbound data transfer charges are tiered.

21. For Amazon RDS databases, what does AWS perform on your behalf? (Choose two)

Just memorize.

AWS is responsible for:

1- Managing the underlying infrastructure and foundation services.

2- Managing the operating system.

3- Database setup.

4- Patching and backups.

The customer is still responsible for:

1- Protecting the data stored in his databases (through encryption and IAM access control).

2- Managing the database settings that are specific to his application.

3- Building the relational schema.

4- Network traffic protection.

22. What best describes penetration testing?

Penetration testing is the practice of testing a network or web application to find security vulnerabilities that an attacker could exploit.

23. Which of the following are use cases for Amazon EMR? (Choose two)

EMR: a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted Hadoop framework running on the web-scale infrastructure of Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3).

Amazon EMR is ideal for problems that necessitate the fast and efficient processing of large amounts of data. EMR securely and reliably handles a broad set of big data use cases, including log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.

Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming set-up, management or tuning of Hadoop clusters or the compute capacity upon which they sit.

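Amazon EMR is the industry-leading cloud-native big data platform, processing vast amounts of data quickly and cost-effectively at scale. Using open source tools such as Apache Spark, Apache Hive, Apache HBase, Apache Flink, Apache Hudi (Incubating), and Presto, together with the dynamic scalability of Amazon EC2 and the scalable storage of Amazon S3, EMR gives analytical teams the engines and elasticity to run petabyte-scale analysis at a fraction of the cost of traditional on-premises clusters. Teams using EMR have the flexibility to run use cases on dedicated short-lived clusters that automatically scale to meet demand, or on highly available long-running clusters using the new multi-master deployment mode. If you have existing on-premises deployments of open source tools such as Apache Spark and Apache Hive, you can run EMR clusters on AWS Outposts to scale on premises through Outposts or in the cloud. (Weak spot for memorization.)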

Snowmobile: the service that can be used to transfer Exabyte-scale data from on-premises resources to AWS.

Elastic Container Service (ECS): the service that can be used to run and manage Docker containers in AWS.

24. Your CTO has asked you to contact the AWS support using the chat feature to ask for guidance related to EBS. However, when you open the AWS support center you can't see a way to contact support via Chat. What should you do?

Chat access to AWS Support Engineers is available at the Business and Enterprise level plans only.

25. A developer wants to quickly deploy and manage his application in the AWS Cloud, but he doesn’t have any experience with cloud computing. Which of the following AWS services would help him achieve his goal?

Elastic Beanstalk: an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. (Just memorize.)

Batch: provides batch processing at any scale.

X-Ray: a debugging service that helps developers understand how their application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

Fargate: a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters. You can think of Fargate together with ECS, or group Fargate and Lambda together as serverless.

26. What does the term “Economies of scale” mean?

By using cloud computing, you can achieve a lower variable cost than you would get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.

27. You manage a blog on AWS that has different stages such as development, testing, and production. How can you create a custom console in each stage to view and manage your resources easily?

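When "stage" and "resource" appear together, grouping with Resource Groups seems to be the answer. A resource group and a placement group are completely different things. A resource group is like customizing a dashboard when you use the services; a placement group is about how instances are placed when they are launched.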

Resource Groups: If you work with multiple resources in multiple stages, you might find it useful to manage all the resources in each stage as a group rather than move from one AWS service to another for each task. Resource Groups help you do just that. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use.

Placement Groups: logical groupings or clusters of instances within a single Availability Zone. Placement groups are specifically used for launching cluster of compute instance types. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.

28. You have a real-time IoT application that requires sub-millisecond latency. Which of the following services would you use? (Guessed.)

IoT, real-time, and sub-millisecond latency all point to ElastiCache for Redis.

ElastiCache: offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

ElastiCache for Redis: a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis and compatible with the Redis APIs, ElastiCache for Redis works with your Redis clients and uses the open Redis data format to store your data. Your self-managed Redis applications can work seamlessly with ElastiCache for Redis without any code changes. ElastiCache for Redis combines the speed, simplicity, and versatility of open-source Redis with manageability, security, and scalability from Amazon to power the most demanding real-time applications in Gaming, Ad-Tech, E-Commerce, Healthcare, Financial Services, and IoT.

Cloud9: a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.

Athena: an interactive query service that enables you to analyze data in S3 using standard SQL.

29. Which of the following is a cloud computing deployment model that connects infrastructure and applications between cloud-based resources and existing resources not located in the cloud?

For cloud computing deployment models, Hybrid seems to be the only one a question will ask about.

Cloud Computing Deployment Models:

Hybrid deployment: a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure to extend, and grow, an organization's infrastructure into the cloud while connecting cloud resources to the internal system. 

Cloud: a cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud.

On-premises: deploying resources on-premises, using virtualization and resource management tools, is sometimes called the “private cloud.”

30. Which tool can a non-AWS customer use to compare the cost of his current on-premises environment to AWS?

For comparing costs against a non-AWS environment, the TCO Calculator is the only thing to remember. Just memorize.

TCO Calculator: helps you evaluate the savings from using AWS and compare an AWS Cloud environment to on-premises and co-location environments. This tool considers all the costs to run a solution, including physical facilities, power, and cooling, to provide a realistic, end-to-end comparison of your costs.

Budgets: gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

Simple Monthly Calculator: helps customers and prospects estimate their monthly AWS bill more efficiently. AWS Simple Monthly Calculator does not provide cost comparisons between AWS and on-premises environments.

Cost Explorer: lets you dive deeper into your AWS cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies.

31. Your company experiences fluctuations in traffic patterns to their e-commerce website when running flash sales. What service can help your company dynamically match the required compute capacity to handle spikes in traffic during flash sales?

For questions about traffic fluctuations caused by a special event, answer Auto Scaling.

Auto Scaling: monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, you maintain optimal application performance and availability, even when workloads are periodic, unpredictable, or continuously changing. When demand spikes, AWS Auto Scaling automatically increases the compute capacity, so you maintain performance. When demand subsides, AWS Auto Scaling automatically decreases the compute capacity, so you pay only for the resources you actually need.

Elastic Container Service (ECS): the service that can be used to run and manage Docker containers in AWS.

ElastiCache: offers fully managed Redis and Memcached. Seamlessly deploy, operate, and scale popular open source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps.

The primary purpose of an in-memory data store is to provide ultrafast (submillisecond latency) and inexpensive access to copies of data. Querying a database is always slower and more expensive than locating a copy of that data in a cache. Some database queries are especially expensive to perform. An example is queries that involve joins across multiple tables or queries with intensive calculations. By caching (storing) such query results, you pay the price of the query only once. Then you can quickly retrieve the data multiple times without having to re-execute the query. (Weak at memorizing this.)

32. What can you use to assign permissions to an IAM user?

IAM Policy

The policy is a JSON document that consists of:

1- Actions: what actions you will allow. Each AWS service has its own set of actions.

2- Resources: which resources you allow the action on.

3- Effect: what will be the effect when the user requests access—either allow or deny.

4- Conditions: which conditions must be present for the policy to take effect. For example, you might allow access only to the specific S3 buckets if the user is connecting from a specific IP range or has used multi-factor authentication at login.

33. Which of the following strategies helps protect your AWS root account?

The root account already has permissions over every resource, including billing information, so it does not need a separate access key. If one is really necessary, create it, but rotating it regularly is recommended.

Anyone who has root user access keys for your AWS account has unrestricted access to all the resources in your account, including billing information. If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly.

Apply MFA for the root account and use it for all of your work: AWS strongly recommends that you do not use the AWS account root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks. And give the IAM user that you created administrative privileges, and use this Admin user for all your work.

34. Which of the following are Amazon EC2 reserved instances types? (Select two)

EC2 reserved instances (RIs): just memorize.

1- Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage.

2- Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage.

3- Scheduled RIs: These are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month.

35. Who from the following will get the largest discount?

Reserved, Standard, All upfront instances

Reserved instance types include:

- Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage.

- Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value.

You can choose between three payment options when you purchase a Standard or Convertible Reserved Instance. With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. With the Partial Upfront option, you make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term. The No Upfront option does not require any upfront payment and provides a discounted hourly rate for the duration of the term.

* Remember that when you buy Reserved Instances, the larger the upfront payment, the greater the discount.

- The All Upfront option provides you with the largest discount.

- The Partial Upfront option provides fewer discounts than All Upfront.

- The No Upfront option provides you with the least discount. (Just memorize.)

36. You need to migrate a large number of on-premises workloads to AWS. Which of the following is the fastest way to achieve your goal?

Server Migration Service (SMS): an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations.

Application Discovery Service: used to discover on-premises server inventory and behavior. This service is very useful when creating a migration plan to AWS. Note that because it is a service that discovers which on-premises servers exist, it helps when planning a migration but does not perform the migration itself.

File Transfer Acceleration: an S3 feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.

37. Which of the following is a feature of Amazon RDS that performs automatic failover when the primary database fails to respond?

Multi-AZ: Relational Database Service (Amazon RDS) maintains a redundant and consistent standby copy of your data. If you encounter problems with the primary copy, Amazon RDS automatically switches to the standby copy (or to a read replica in the case of Amazon Aurora) to provide continued availability to the data. The two copies are maintained in different Availability Zones (AZs), hence the name “Multi-AZ.” Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Having separate Availability Zones greatly reduces the likelihood that both copies will concurrently be affected by most types of disturbances.

RDS Snapshots: user-initiated backups of your instance. Snapshots are simply backups; automatic failover is provided through Multi-AZ. Keywords: failover, primary database.

38. You want to transfer 200 Terabytes of data from on-premises locations to the AWS Cloud, which of the following can do the job in a cost effective way?

If the question simply mentions terabytes, the answer is Snowball. If the data to transfer is far larger, on the petabyte scale, it is Snowmobile. Be careful.

100 Petabytes = 100,000 Terabytes

Snowball: a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can cost as little as one-fifth the cost of using high-speed Internet.

In the US regions, Snowball appliances come in two sizes: 50 TB and 80 TB. All other regions have 80 TB Snowballs only.

Snowmobile: an exabyte-scale data transfer service used to move extremely large amounts of data from on-premises resources to AWS. It is a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck.

39. Your application requirements for CPU and RAM change rapidly these days. Which service can be used to dynamically adjust those resources based on demand?

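Traffic-related questions point to Auto Scaling, and the same goes for CPU and RAM. Remember that the cost follows an on-demand model. ELB can be confused with it in traffic questions, but think of ELB as just distributing traffic.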

Auto Scaling: allows you to automatically provision new resources to meet demand and maintain performance. When demand decreases Auto Scaling shuts down unused resources to reduce costs. It monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, you maintain optimal application performance and availability, even when workloads are periodic, unpredictable, or continuously changing. When demand spikes, AWS Auto Scaling automatically increases the compute capacity, so you maintain performance. When demand subsides, AWS Auto Scaling automatically decreases the compute capacity, so you pay only for the resources you actually need.

Elastic Load Balancing (ELB): used to distribute traffic automatically across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.

40. Which of the following would you use to manage your encryption keys in the AWS Cloud? (Choose two)

The services related to encryption keys are KMS and HSM.

Key Management Service (KMS): a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

Hardware security module (HSM): enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.

CodeCommit: a secure, highly scalable, managed source control service that makes it easier for teams to collaborate on code. AWS CodeCommit eliminates the need for you to operate your own source control system or worry about scaling its infrastructure. You can use AWS CodeCommit to store anything from code to binaries, and it works seamlessly with your existing Git tools. A Git-like service.

CodeDeploy: a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands.

Certificate Manager: a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

41. Your web application currently faces performance issues and suffers from long delays. Which of the following could help you in this situation?

X-Ray: a debugging service that helps developers understand how their application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. It helps you identify performance bottlenecks. X-Ray’s service maps let you see relationships between services and resources in your application in real time. You can easily detect where high latencies are occurring, visualize node and edge latency distribution for services, and then drill down into the specific services and paths impacting application performance.

42. What is the maximum amount of data that can be stored in S3 in a single AWS account?

Virtually unlimited storage

The total volume is unlimited, but each individual S3 object ranges from 0 bytes to 5 terabytes.

43. Which of the following has the greatest impact on cost? (Choose two)

Compute, Storage and Data Transfer Out.

44. What purchasing option does AWS make available so you pay lower prices for compute resources?

Always remember RIs together with upfront payment. Also, bidding has reportedly been eliminated.

With Reserved Instances, you can save up to 75% over equivalent on-demand capacity. When you buy Reserved Instances, the larger the upfront payment, the greater the discount.

The ability to bid to get the lowest possible prices when purchasing compute instances: AWS has eliminated "bidding" in the new AWS Spot instance pricing model. The way the new pricing model works is that you just pay the Spot price that’s in effect for the current hour for the instances that you launch. It’s that simple. Now you can request Spot capacity just like you would request On-Demand capacity, without having to spend time analyzing market prices or setting a bid price. In the new model, the Spot prices are more predictable, updated less frequently, and are determined by the long-term supply and demand for Amazon EC2 spare capacity, not bid prices. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.

An example to illustrate: If the current AWS Spot price is $0.08 per hour and you set a maximum price of $0.17, you’ll pay $0.08 and you will lose the instances if the AWS Spot price rises above $0.17 or if capacity is no longer available. (Just memorize.)

45. Which of the following is not an AWS reservation model?

There are no reservations in S3. You pay for what you use.

Available reservation models include EC2 reserved instances, RDS reserved instances, ElastiCache Reserved Nodes, DynamoDB Reserved Capacity and Redshift Reserved Nodes.

46. Which service can you use to route traffic to the endpoint that provides the best application performance for your users worldwide? (Guessed.)

The thing to watch with Transfer Acceleration: Global Accelerator is worldwide, whereas Transfer Acceleration is between a client and an S3 bucket.

Global Accelerator: a networking service that improves the availability and performance of the applications that you offer to your global users. Today, if you deliver applications to your global users over the public internet, your users might face inconsistent availability and performance as they traverse through multiple public networks to reach your application. These public networks can be congested and each hop can introduce availability and performance risk. AWS Global Accelerator uses the highly available and congestion-free AWS global network to direct internet traffic from your users to your applications on AWS, making your users’ experience more consistent. To improve the availability of your application, you must monitor the health of your application endpoints and route traffic only to healthy endpoints. AWS Global Accelerator improves application availability by continuously monitoring the health of your application endpoints and routing traffic to the closest healthy endpoints.

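AWS Global Accelerator is a service that improves the availability and performance of applications for local or global users. It provides static IP addresses that act as a fixed entry point to application endpoints in a single or multiple AWS Regions, such as Application Load Balancers, Network Load Balancers, or Amazon EC2 instances.

AWS Global Accelerator improves the performance of TCP and UDP traffic by optimizing the path from users to applications over the AWS global network. AWS Global Accelerator monitors the health of application endpoints, detects unhealthy endpoints, and redirects traffic to healthy endpoints within 30 seconds. (Just memorize.)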

Transfer Acceleration: used to enable fast transfers of files over long distances between your client and an S3 bucket. You might want to use Transfer Acceleration on a bucket for various reasons, including the following:

1- You have customers that upload to a centralized bucket from all over the world.

2- You transfer gigabytes to terabytes of data on a regular basis across continents.

3- You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon S3.

DAX: a caching feature for use with Amazon DynamoDB - which is a NoSQL database - and the application specified uses a MySQL database. It is an in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.

Data Pipeline: a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.

47. Select the services that are server-based: (Choose two) (Just memorize.)

Server-based services include: Amazon EC2, Amazon RDS, Amazon Redshift and Amazon EMR.

Serverless services include: AWS Lambda, AWS Fargate, Amazon SNS, Amazon SQS and Amazon DynamoDB.

48. Which of the following is NOT a factor when estimating the cost of Amazon CloudFront?

Amazon CloudFront charges are based on the data transfer out of AWS and requests used to deliver content to your customers. There are no upfront payments or fixed platform fees, no long-term commitments, no premiums for dynamic content, and no requirements for professional services to get started. There is no charge for data transferred from AWS services such as Amazon S3 or Elastic Load Balancing.

When you begin to estimate the cost of Amazon CloudFront, consider the following: 

- Traffic distribution: Data transfer and request pricing varies across geographic regions, and pricing is based on the edge location through which your content is served.   

- Requests: The number and type of requests (HTTP or HTTPS) made and the geographic region in which the requests are made.  

- Data transfer out: The amount of data transferred out of your Amazon CloudFront edge locations.

49. Which DynamoDB feature can be used to reduce the latency of requests to a database from milliseconds to microseconds?

Because DAX is an in-memory cache, its latency is naturally low.

DAX: a fully managed, highly available, in-memory cache for DynamoDB that delivers performance improvements from milliseconds to microseconds – even at millions of requests per second. DAX adds in-memory acceleration to your DynamoDB tables without requiring you to manage cache invalidation, data population, or cluster management.

Memcached: an in-memory key-value store, originally intended for caching. The AWS offering for Memcached is Amazon ElastiCache, not DynamoDB.

50. You have migrated your application to AWS recently. How can you view all the information you need about the AWS costs applied to your account?

The AWS Cost & Usage Report is your one-stop shop for accessing the most detailed information available about your AWS costs and usage. The AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes.

CloudWatch: used to monitor the utilization of AWS cloud resources. It is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis. By default, logs are kept indefinitely and never expire. You can adjust the retention policy for each log group, keeping the indefinite retention, or choosing a retention period between 10 years and one day.

51. Which statement best describes the AWS Pay-As-You-Go pricing model? (Just memorize.)

With AWS, you replace large capital expenses with low variable payments. A large cost can be split into several smaller ones.

AWS does not require minimum spend commitments or long-term contracts. You replace large fixed upfront expenses with low variable payments that only apply based on what you use. For example, when using On-demand instances you pay only for the hours/seconds they are running and nothing more.

52. Which of the following resources are serverless? (Choose two)

Server-based services include: Amazon EC2, Amazon RDS, Amazon Redshift and Amazon EMR.

Serverless services include: AWS Lambda, AWS Fargate, Amazon SNS, Amazon SQS and Amazon DynamoDB.

Lambda: lets you run code without provisioning or managing servers. You pay only for the compute time you consume, and there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. 

Fargate: a compute engine for deploying and managing containers, which frees you from having to manage any of the underlying infrastructure. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. AWS Fargate seamlessly integrates with Amazon ECS, so you can deploy and manage containers without having to provision or manage servers.

Elastic Container Service (ECS): the service that can be used to run and manage Docker containers in AWS. It has two modes: Fargate launch type (serverless) and EC2 launch type (server-based).

Fargate launch type allows you to run containers without having to manage servers or clusters.

EC2 launch type allows you to have server-level, more granular control over the infrastructure that runs your container applications.

53. The owner of an E-Commerce application notices that the computing workloads vary heavily from time to time. What makes AWS more economical than traditional data centers for this type of application?

AWS allows customers to launch and terminate EC2 instances based on demand. (Just memorize.)

On-Demand Instances have no contract commitment and can be launched (or terminated) as needed. You are charged by the second based on an hourly rate and you pay only for what you use. This makes them ideal for applications with short-term or irregular workloads.

AWS allows customers to launch powerful EC2 instances to handle spikes in load: this is a wrong answer, because if you switch to a powerful EC2 instance just because there are spikes, you pay the high price even when there is no spike.

54. What are some key benefits of using AWS CloudFormation? (Choose two)

Automates the provisioning and updating of your infrastructure in a safe and controlled manner.

Allows you to model your entire infrastructure in a text file.

CloudFormation: used to manage your entire infrastructure as code. Automating the deployment of your resources through scripts allows you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts, enabling configuration compliance and faster troubleshooting. (Weak at memorizing this.)

The benefits of using AWS CloudFormation include:

1- CloudFormation allows you to model your entire infrastructure in a text file. This template becomes the single source of truth for your infrastructure. This helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting.

2- AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts. CloudFormation takes care of determining the right operations to perform when managing your stack, and rolls back changes automatically if errors are detected.

3- Codifying your infrastructure allows you to treat your infrastructure as just code. You can author it with any code editor, check it into a version control system, and review the files with team members before deploying into production.

4- CloudFormation allows you to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

Uses your scheme to build the application code quickly and easily: Building the application code is the responsibility of the customer, not AWS.

55. You are facing a lot of problems with your current contact center. Which service provides a cloud-based contact center that can deliver a better service for your customers?

Amazon Connect: a cloud-based contact center solution. Amazon Connect makes it easy to set up and manage a customer contact center and provide reliable customer engagement at any scale. You can set up a contact center in just a few steps, add agents from anywhere, and start to engage with your customers right away. Amazon Connect provides rich metrics and real-time reporting that allow you to optimize contact routing. You can also resolve customer issues more efficiently by putting customers in touch with the right agents. Amazon Connect integrates with your existing systems and business applications (this is probably why the answer is plain Connect rather than Direct Connect) to provide visibility and insight into all of your customer interactions.

AWS Direct Connect: a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

Elastic Beanstalk: an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. (Just memorize.)

Lightsail: provides a low cost VPS in the cloud.

56. Which of the following can be used to enable the Virtual Multi-Factor Authentication? (Choose two)

MFA

You can use either the AWS IAM console or the AWS CLI to enable a virtual MFA device for an IAM user in your account.

SNS: a fully managed pub/sub messaging service.

57. AWS provides the ability to create backups of any block-level Amazon EC2 volume. What is the name of this backup?

The question itself contained all the hints. Backup, block-level, volume: that can only be EBS. Image is about EC2 AMIs.

The question asks for creating backups for any block-level Amazon EC2 volume. Amazon EC2 block-level volumes are either EBS volumes or instance store volumes. You can backup EBS volumes by creating EBS snapshots. Data in instance store volumes are not persistent and cannot be used to backup data. In order to backup instance store volumes you should also use EBS.

58. Which of the following storage classes is most appropriate to be used for a popular e-commerce website with stable access patterns? (Guessed.)

S3 Standard

In S3 we can only host static websites or static assets of a dynamic website (such as images, audio files, video files, etc.).

A dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting and cannot be used to host dynamic websites. Amazon Web Services (AWS) has computing resources for hosting dynamic websites such as Amazon EC2 or Lambda.

S3 storage classes:

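Standard: provides object storage with high durability, availability, and performance for frequently accessed data. Because S3 Standard delivers low latency and high throughput, it is suited to a wide range of use cases, including cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics.

Intelligent-Tiering: for unknown or changing access. It is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. This storage class works by storing objects in two access tiers: one tier is optimized for frequent access, and the other, lower-cost tier is optimized for infrequent access.

Standard-Infrequent Access (Standard-IA): for infrequent access. Suited to data that is accessed less frequently but requires rapid access when needed. Ideal for long-term storage, backups, and as a data store for disaster recovery files.

One Zone-Infrequent Access (One Zone-IA): for infrequent access. Suited to data that is accessed less frequently but requires rapid access when needed. Unlike other S3 storage classes, which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. It suits customers who do not need that availability and resilience. It is a good choice for storing secondary backup copies of on-premises data or data that can be easily re-created.

Glacier: archive. A secure, durable, and low-cost storage class.

  • Designed to provide 99.999999999% object durability across multiple Availability Zones
  • Data remains resilient even if an entire Availability Zone is destroyed
  • Supports SSL for data in transit and encryption of data at rest
  • Low-cost design that is ideal for long-term archiving
  • Configurable retrieval times, from minutes to hours
  • S3 PUT API for direct uploads to S3 Glacier, and S3 Lifecycle management for automatic migration of objects

Glacier Deep Archive: the lowest-cost storage class, supporting long-term retention and digital preservation of data that may be accessed once or twice a year. It is designed for customers who retain data sets for 7-10 years or longer to meet regulatory compliance requirements, particularly customers in highly regulated industries such as financial services, healthcare, and the public sector.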

59. What are some key advantages of AWS security? (Choose two)

Helps organizations to meet their compliance requirements

Save money

The Benefits of AWS Security include:

1- Keep Your Data Safe: The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers.

2- Meet Compliance Requirements: AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.

3- Save Money: Cut costs by using AWS data centers. Maintain the highest standard of security without having to manage your own facility.

4- Scale Quickly: Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe. (Just memorize.)

Performed Automatically: Some security procedures can be performed automatically by AWS such as applying the security patches of the managed services. However, AWS Security follows the shared responsibility model, where both the customer and AWS are responsible for securing the AWS environment.

60. Which of the following can help secure your sensitive data in Amazon S3? (Choose two)

Encrypt the data prior to uploading it.

Enable S3 Encryption.

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon data centers). You can protect data in transit by using SSL or by using client-side encryption.

Also, you have the following options for protecting data at rest in Amazon S3.

1- Use Server-Side Encryption – You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.

2- Use Client-Side Encryption – You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

61. Amazon RDS supports multiple database engines to choose from. Which of the following is not one of them?

Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server.

62. In order to keep your data safe, you need to take a backup of your database regularly. What is the most cost-effective storage option that provides immediate retrieval of your backups?

Database backup is an important operation to consider for any database system. Taking backups not only allows the possibility to restore upon database failure but also enables recovery from data corruption. Amazon S3 provides highly durable and reliable storage for database backups while reducing costs. Data stored in Amazon S3 can be retrieved immediately when needed.

EBS is not a cost-effective choice compared to S3 in this use case.

63. What is the main benefit of the AWS Storage Gateway service?

It allows one to integrate on-premises IT environments with cloud storage.

AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure. (Just memorize this.)

64. An organization uses a hybrid cloud architecture to run their business. Which AWS service enables them to deploy their applications to any AWS or on-premises server?

The hint is in the question itself.

CodeDeploy: a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands.

You can also use AWS OpsWorks to automate application deployments to any instance, including Amazon EC2 instances and instances running on-premises. OpsWorks is a service that helps you automate operational tasks like code deployment, software configurations, package installations, database setups, and server scaling using Chef and Puppet.

Kinesis: an analytics service that allows you to easily collect, process, and analyze video and data streams in real time.

Athena: an analytics service that makes it easy to analyze data in Amazon S3 instantly using standard SQL commands.

QuickSight: a fast business analytics service that can be used to deliver insights quickly to everyone in your organization.

65. What are the key design principles of the AWS Cloud? (Choose two)

Loose coupling

Disposable (single-use) resources instead of fixed servers

The AWS Cloud includes many design patterns and architectural options that you can apply to a wide variety of use cases. Some key design principles of the AWS Cloud include scalability, disposable resources, automation, loose coupling, managed services instead of servers, and flexible data storage options. (Just memorize this.)

Disposable resources instead of fixed servers: When designing for the cloud, you can think of servers and other components as temporary resources instead of fixed servers. This approach solves many problems that usually appear in traditional, on-premises environments. For example, changes and software patches applied through time to the same (fixed) server can result in untested and heterogeneous (varied) configurations across different environments. You can solve this problem in AWS with its immutable (unchanging) infrastructure pattern. With this approach, if a problem happens with a server (EC2 instance), rather than updating, it is replaced with a new server containing the latest patches and configuration. This enables resources to always be in a consistent (and tested) state and makes rollbacks easier to perform.

Servers instead of managed services: AWS recommends using managed services instead of servers. AWS offers a broad set of compute, storage, database, analytics, application, and deployment services that help organizations move faster and lower IT costs. Architectures that do not leverage that breadth (e.g., if they use only Amazon EC2) might not be making the most of cloud computing and might be missing an opportunity to increase developer productivity and operational efficiency. AWS managed services provide building blocks that developers can consume to power their applications. These managed services include databases, machine learning, analytics, queuing, search, email, notifications, and more. For example, with Amazon SQS you can offload the administrative burden of operating and scaling a highly available messaging cluster, while paying a low price for only what you use. Amazon SQS is also inherently scalable and reliable. The same applies to Amazon S3, which enables you to store as much data as you want and access it when you need it, without having to think about capacity, hard disk configurations, replication, and other related issues.

Even after going through all the questions and seeing the same concepts repeated, there are some services I still can't memorize.

Which of the following AWS services can be used as a compute resource?

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

What are compute resources in AWS?

Compute services are also known as Infrastructure-as-a-Service (IaaS). Compute platforms, such as AWS Compute, supply a virtual server instance and storage and APIs that let users migrate workloads to a virtual machine.

Which of the following are computing services provided by AWS?

AWS offers the broadest and deepest functionality for compute. Amazon Elastic Compute Cloud (EC2) offers granular control for managing your infrastructure with the choice of processors, storage, and networking. AWS container services offer the best choice and flexibility of services to run your containers.

Which of the following is a compute service?

AWS EC2 (AWS Elastic Compute Cloud) is a web service that provides you with a server with the required OS, processor, and memory (RAM).