Download AWS CCP Complete Questions With Complete Solutions and more Exams Computer Graphics in PDF only on Docsity! AWS CCP Complete Questions With Complete Solutions Cloud Computing - correct answer The practice of using a network of remote servers hosted on the internet to store, manage, and process data and applications Advantages of Cloud ( DEVS GC) - correct answer 1) Stop spending money running and maintaining data centers 2) Benefits from massive economies of scale 3)Trade fixed for variable expense 4) Increase speed and agility 5) Go global in minutes 6) Stop guessing capacity Stop spending money on running and maintaining data centers: Advantages of Cloud (DEVS GC) - correct answer Benefit of focusing on your customers and applications instead of focusing on infrastructure and servers Massive Economies of scale: Advantages of Cloud (DEVS GC) - correct answer Share the cost with other customers to get unbeatable cost savings AWS CCP Complete Questions With Complete Solutions Exchange fixed cost for variable costs: Advantages of Cloud(DEVS GC) - correct answer Pay only when consuming resources; on demand vs in investing before knowing the demand Go global in minutes: Advantages of Cloud (DEVS GC) - correct answer Deploy application in multiple locations around the world, with low latency. Increase speed and agility: Advantages of Cloud (DEVS GC) - correct answer Cloud makes it easier to develop and deploy applications, allowing your teams more time to experiment and innovate Stop guessing capacity: Advantages of Cloud (DEVS GC) - correct answer Scale up or down to meet the current need, and don't waste resources Benefits of Cloud (FEC RSS) - correct answer 1) Flexible 2) Easy to use 3) Cost Effective 4) Reliable 5) Scalable and high performance AWS CCP Complete Questions With Complete Solutions Shared Hosting - correct answer One physical Machine, Shared by hundred of businesses relies on most tenants under-utilizing their resources. Cheap, limited functionality, and poor isolation Cloud Hosting - correct answer Multiple physical systems that act as one system, and abstracted into multiple cloud services Flexible, scalable, secure, cost effective, high configurability 3 Types of Cloud Deployment Strategies - correct answer - Cloud Deployment (public cloud) - On prem (private cloud) - Hybrid Cloud Cloud based deployment - correct answer - All applications are on the cloud - Migrate existing applications to the cloud - Design and build new applications to the cloud - Can be lower level IaaS instead of PaaS or SaaS AWS CCP Complete Questions With Complete Solutions Private Cloud - correct answer - Deploy using virtualization and resources management tools - Increase resource utilization by using application management and virtualization Hybrid cloud - correct answer - Connect cloud resources to on prem infrastructure -Integrate cloud base resources with legacy IT apps Cross Cloud - correct answer Multiple clouds utilized together, to use the best cloud for the workload EX. AWS EC Anywhere (customers to deploy native Amazon ECS tasks in any environment), AWS EKS anywhere, Google Anthos, Azure Arc, etc. Core IAAS Components (4) - correct answer 1) Compute: 2) Networking: 3) Storage: 4) Databases: AWS CCP Complete Questions With Complete Solutions Compute: Core IAAS Components (4) - correct answer virtual computer that can run applications, programs, and code EX. E3 or Bracket for Quantum computing Networking: Core IAAS Components (4) - correct answer a virtual network that allows you to define internet connections or network isolations Storage: Core IAAS Components (4) - correct answer a virtual hard drive that can store files Database: Core IAAS Components (4) - correct answer a virtual database for storing and reporting data or databases for general purpose web applications. It is easily accessed, managed, and updated Evolution of computing (4) - correct answer 1) Dedicated 2) Virtual Machine 3) Containers 4) Functions AWS CCP Complete Questions With Complete Solutions - You upload a piece of code, choose the amount of memory and duration. - Only responsible for code and data, nothing else - Very cost-effective, only pay for the time code is running, VMs only run when there is code to be executed -Cold Starts is a side-effect of this setup Serverless Databases Ex, AWS Aurora Serverless - correct answer It automatically starts up, shuts down, and scales capacity up or down based on your application's needs. You can run your database on without managing database capacity. Type of Cloud Computing (3) - correct answer 1) SaaS 2) PaaS 3) IaaS SaaS - correct answer Completed projects managed by a service provider. Easy to use and comes complete with a user interface. Least flexibility PaaS - correct answer Provides a platform allowing customers to develop, run, and manage applications AWS CCP Complete Questions With Complete Solutions without the complexity of building and maintaining the infrastructure -Less flexibility than IaaS because of pre-constructed packages. IaaS - correct answer Most basic building blocks of cloud IT infrastructure. -It has the most flexibility and management control of all the different cloud computing models. -It is the closest to having a traditional on-premises data center. AWS Global Infrastructure - correct answer The resources owned by AWS around the globe and act as a single large resource physically networked together AWS Region - correct answer Primary Location to (Geographical Area) made of 2 or more availability zones (1 or more data centers in different building, but have <10ms latency between them ), fully redundant AWS CCP Complete Questions With Complete Solutions -Physically isolated from and independent of every other region (power, location, and water supply) AWS Region Considerations (4) - correct answer 1) What Regulatory compliance does this region meet? 2) What is the cost of AWS services in this region 3) What services are available 4) What is the distance or latency to my end users Fault Tolerance - correct answer Each availability zone is an independent failure zone/fault domain Failure Zone (AWS term for fault domain) - correct answer - Availability zones are isolated, but are connected to other AZ in the region -AZ are physically separated, in a low flood risk pain -Use uninterruptible power supply (UPS) and onsite backup generation facilities -Data centers located in different AZ are supplied by independent substations to reduce risk of a PowerGrid issue impacting more than one AZ AWS CCP Complete Questions With Complete Solutions Virtual private cloud (VPC) - correct answer a subset of a public cloud that has highly restricted, secure access using VPNs, private ip subnets, VLAN Edge locations as on ramps - correct answer AWS Global Accelerator, S3 Transfer Acceleration - uses edge locations was onramps to reach AWS resources in other regions by traversing the fast AWS global network Edge locations as off ramps - correct answer Amazon CloudFront (CDN) uses edge locations as off ramp to provide at the edge storage and compute near the end user Points of Presence (PoP) - correct answer intermediate locations between an AWS Region and the end-user, and this location could be a datacenter or collection of hardware. -Owned by aws or trusted partner and utilize for content delivery or expediated upload AWS CCP Complete Questions With Complete Solutions -PoP resources include edge locations and regional edge caches Regional Edge Caches - correct answer Data centers that hold much larger caches of less popular files to reduce a full round trip and also reduce the cost of transfer fees AWS Connection to Tier 1 network - correct answer Can reach every other network on the internet without purchasing IP transit or paying for peering, all AWS AZ are redundantly connected to multiple tier 1 transit providers Tier 1 network - correct answer -ISPs are at the top of the hierarchy and they have a global reach they do not pay for any internet traffic through their network -Lower-tier ISPs have to pay a cost for passing their traffic from one geolocation to another which is not under the reach of that ISPs. Tier 2 Network - correct answer Similar to tier 1, but pays tier 1, and has a similar for tier 3 as that of tier 1 and 2. They are at the regional or country reach. AWS CCP Complete Questions With Complete Solutions Similar level ISPs allow free traffic passes to each other. AWS services uses PoP for content delivery and expediated upload (3) - correct answer 1) AWS Cloud Front 2) AWS S3 Transfer Acceleration 3) AWS Global accelerator AWS Cloud Front (CDN) - correct answer -Point your website to Cloudfront so it can route requests to the nearest edge location cache -Allows to choose an origin (web server or storage) that will be source of cashed -Cashes the contents of what origin would return to various edge locations around the world AWS S3 Transfer Acceleration - correct answer generate a special URL that end users use to upload files to a nearby edge location -Once in the edge location it can move much faster within the AWS network to reach S3 AWS CCP Complete Questions With Complete Solutions Compliance Boundaries - correct answer A regulatory compliance (legal requirement) by a government or organization that describes where data and cloud resources are allowed to reside Data Sovereignty - correct answer Data Sovereignty is the jurisdictional control or legal authority that can be asserted over data because its physical location is within jurisdictional boundaries Methods to meet data residency requirements - correct answer -AWS Config -AWS Outpost -IAM policies AWS Config - correct answer -is a Policy as Code service. -You can create rules to continuous check AWS resources configuration -If they deviate from your AWS CCP Complete Questions With Complete Solutions expectations, you are alerted, or auto remediate. IAM Policies - correct answer can be written explicitly deny access to specific AWS Regions. A Service Control Policy (SCP) are permissions applied organization wide. AWS Outposts - correct answer physical rack of servers that you can put in your data center fully managed service to provide an AWS experience. Your data will reside whenever the Outpost Physically resides AWS for government - correct answer AWS achieves this by meeting regulatory compliance programs along with specific governance and security controls PIPEDA (Personal Information Protection and Electronic Documents Act) - correct answer It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. AWS CCP Complete Questions With Complete Solutions FIPS 140-3 (Federal Information Processing Standard Publication) - correct answer U.S. government (NIST) computer security standard used to approve cryptographic modules AWS has special regions for US regulation called GovCloud - correct answer Isolated region to run fedramp workloads FEDRAMP: Federal Risk and Authorization Management Program - correct answer US government wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. AWS GovCloud Regions - correct answer Controlled Unclassified Information andother types of regulated workloads. AWS In China - correct answer AWS China is completely isolate intentionally from AWS Global to meet regulatory compliance AWS CCP Complete Questions With Complete Solutions -Verticals scaling - larger severs -Horizontal Scaling - more similar size servers Elastic Load Balancer - correct answer allows you to evenly distribute traffic to multiple servers If a datacenter or server becomes unavailable (unhealthy) the load balancer will route the traffic to only those available 2) Availability: Considerations for Cloud Architects (5) (SAFED) - correct answer Your ability to ensure a service remains available eg. Highly Available (HA) -No single point of failure and or ensure certain level of performance; minimal downtime Ex. Using an elastic load balancer service and running workloads across multiple AZ AWS CCP Complete Questions With Complete Solutions Fail-over - correct answer when you have a plan to shift traffic to a redundant system in case the primary system fails RDS Muilti AZ - correct answer Run duplicate standby db in another AZ in case the primary fails 3) Fault tolerance: Considerations for Cloud Architects (5) (SAFED) - correct answer Your ability for your service to ensure there is no single point of failure. Preventing the chance of failure, zero down time A common example is having a copy (secondary) of your database where all ongoing changes are synced. Auto scaling groups (ASG) - correct answer AWS feature that will automatically add or remove servers based on scaling rules you define based on metrics AWS CCP Complete Questions With Complete Solutions 4) Elasticity : Considerations for Cloud Architects (5) (SAFED) - correct answer Your ability to automatically increase or decrease your capacity based on the current demand of traffic, memory and computing power Cloud Endure Disaster Recovery - correct answer continuously replicates your machines into a low-cost staging area in your target AWS account and preferred Region enabling fast and reliable recovery 5) Disaster Recovery/High durable: Considerations for Cloud Architects (5) (SAFED) - correct answer Your ability to recover from a disaster and to prevent the loss of data Solutions that recover from a disaster is known as Disaster Recovery (DR) • Do you have a backup? • How fast can you restore that backup? • Does your backup still work? • How do you ensure current live data is not corrupt? AWS CCP Complete Questions With Complete Solutions -Deploy resources after event 2) Pilot Light (10 minutes) - correct answer Data is replicated to another region with the minimal services running -Less stringent RTO and RPO -Core services -Start and scale resources after event 3) Warm Standby (minutes) - correct answer Scaled down copy of your infrastructure running ready to scale up -Business critical services -Scale resources after event 4) Multi-site active (real time) - correct answer Scaled up copy of your infrastructure in another AWS CCP Complete Questions With Complete Solutions region -Zero downtime -near zero loss -Mission critical services What is an Application Programming Interface (API)? - correct answer An API is software that allows two applications/services to talk to each other. AWS API (HHTP based) - correct answer Rarely do users directly send HTTP requests directly to the AWS API. Its much easier to interact with the API via a variety of Developer Tools Shared Responsibility Model is a - correct answer cloud security framework that defines the security obligations of the customer versa the Cloud Service Provider (CSP) - correct answer AWS CCP Complete Questions With Complete Solutions Types of cloud computing responsibility - correct answer Compute Shares responsibility Model - correct answer - correct answer - correct answer Architecture of Shared responsibility model - correct answer Elastic Compute Cloud (EC2) - correct answer launch VM instances with full customization from physical level and above AWS Machine Image (AMI) - correct answer predefined config of VM AWS Computing Services (3) - correct answer 1) VM 2) Containers AWS CCP Complete Questions With Complete Solutions Docker containers - correct answer Unlike virtual machines (VMs) which each have a complete copy of a guest operating system, container isolation is done on the kernel level without the need for a guest operating system. In addition, libraries can be across containers, so it eliminates the need to have 10 copies of the same library on a server, further saving space. difference between the two is that Docker is about packaging containerized applications on a single node and Kubernetes is meant to run them across a cluster. Since these packages accomplish different things, they are often used in tandem. AWS High Performance Computing Services (2) - correct answer cluster of 100s-1000s of servers with fast connections between each of them with the purpose of boosting computing capacity. When you need a supercomputer to perform computational problems to large to fix on a standard computers or would take to long. 1) Nitro System 2) EC2, Parallel Cluster, Batches AWS CCP Complete Questions With Complete Solutions AWS Parallel Cluster - correct answer Cluster management tool that makes it easy for you to deploy and manage High Performance Computing (HPC) clusters on AWS. Nitro system - correct answer A combination of dedicated hardware and lightweight hypervisor enabling faster innovation and enhanced security. All new EC2 instance types use the Nitro System. Traditional Hypervisor vs Nitrosystem - correct answer Traditionally, hypervisors protect the physical hardware and bios, virtualize the CPU, storage, networking, and provide a rich set of management capabilities. With the Nitro System, we are able to break apart those functions, offload them to dedicated hardware and software, and reduce costs by delivering practically all of the resources of a server to your instances. AWS Nitro hardware components (5) - correct answer 1) Nitro cards; specialized for VPC, EBS, instance storage, and controller cards AWS CCP Complete Questions With Complete Solutions 2) Nitro security chips; Integrated into motherboard. Protects hardware resources. 3) Nitro hypervisor; lightweight hypervisor that manages memory, CPU allocation and delivers bare metal level performance 4) Nitro Enclaves; isolated compute environments to further protect and securely process highly sensitive data 5) Nitro TPM; trusted platform module, allowing for EX2 instances to generate, store, and use keys without having access to them Baremetal - correct answer EC2 instance with no hypervisor running workloads directly; max performance and control and uses Bottlerocket Bare metal instances allow EC2 customers to run applications that benefit from deep performance analysis tools, specialized workloads that require direct access to bare metal infrastructure, legacy workloads not supported in virtual environments, and licensing- restricted Tier 1 business critical applications. AWS CCP Complete Questions With Complete Solutions AWS Local Zones - correct answer edge data centers outside of a region to allow for AWS closer to the end destination. Used for faster computing, storage, databases, in populated areas outside of an AWS region Cost Management - correct answer How to save money Capacity management - correct answer to meet demand of traffic and usages through adding or upgrading servers Cost management/saving money methods (4) - correct answer 1) EC2 spot instances, reserved instance, and savings plan 2) AWS batch 3) AWS compute optimizer 4) EC2 Autoscaling Groups (ASG) AWS CCP Complete Questions With Complete Solutions EC2 Spot instances up to 90% off - correct answer allow you to bid on spare Amazon EC2 computing capacity; up to 90% cheaper than EC2 EC2 and Baremetal Reserved Instances (RI) Up to 75% off (Futures contract) - correct answer Billing discount that applies to normal EC2 on demand pricing; BASICALLY AN FUTURES CONTRACT for 1-3 years Pay up to have the right to use up to a certain capacity of on demand EC2 resources per month at a discounted rate and more is the normal rate, you are charged for the instance regardless if you use the capacity or not; There must be available on demand EC2 that meets the criteria Saving Plans up to 72% off (Option contract; discounts for up to maximum post discount value/hour) - correct answer You enter into a contract 1 or 3 year, and either no upfront, partial, or fully upfront will allow you to get a certain price with a specific usage commitment for up to a certain amount of $$$/hour used AWS Cost Explorer - correct answer AWS CCP Complete Questions With Complete Solutions 3 Types of Saving Plans - correct answer 1) EC2 Instance Savings Plan (72% off); region and instance family locked 2) Compute Savings Plan (66% off); less savings since it applies to EC2, Lambda, and Fargate; for any region or instance family 2) Sagemaker savings plan (64% off); When to use Reserved Instance vs Savings Plan - correct answer - Savings plan for systems prone to usage changes -Reservations for systems where at least 75% of the booking is used consistently Savings Plan Formula - correct answer 1) For Usage Below Post Discounted Cost per hour of contract; ex. $50/hour contract, $40/hour on demand usage -> apply discount to everything AWS CCP Complete Questions With Complete Solutions Ex. Pay for a minimum spend post discount of $100/month, anything above 100/month is normal pricing Types of Storage Services (3) - correct answer 1) Elastic Block Store (EBS) - Blocks 2) AWS Elastic File Storage (EFS) - File 3) Amazon Simple Storage Service (S3) - Object Elastic Block Store (EBS) - Block Storage - correct answer -Data is split into evenly split blocks -Directly accessed by the Operation System -Supports only a single write volume (drive partition) -Persistent storage Use case: when you need a virtual hard drive attached to a VM Elastic File Storage (EFS) - File - correct answer - File is stored with data and metadata AWS CCP Complete Questions With Complete Solutions -Multiple connections via a network share -Supports multiple reads, writing locks the file Use case: when you need a file share where multiple user or VM need to access the same drive Simple Storage Service (S3) - Object - correct answer - Object is stored with data, metadata, unique ID - Scales with limited no file limit storage limit - Supports multiple reads and writes (no locks) Use case: when you just want to upload files, and not have to worry about underlying infrastructure, and not intended for high IOPs Data storage architecture (3) - correct answer 1) Object based Storage: 2) File System: 3) Block Storage: AWS CCP Complete Questions With Complete Solutions Object Based storage - correct answer -Store their data in its native format -Objects identified by the hashed output of the object or some unique identifier -Mostly, objects are kept in a single, large, flat namespace without any hierarchy or tree structure -These flat namespaces enable the massive scalability inherent in object storage systems -metadata is stored in metadata servers and file data is stored in object storage servers. -File system client software interacts with the distinct servers, and abstracts them to present a full file system to users and applications. Object Storage Pros - correct answer -Handles large amounts of unstructured data AWS CCP Complete Questions With Complete Solutions File Storage Cons - correct answer -Challenging to manage and retrieve large numbers of files: -Hard to work with large amounts unstructured data: -Becomes expensive at large scales: File Storage Use cases - correct answer -Collaboration of documents: Backup and recovery: Cloud backup and external backup devices typically use file storage for creating copies of the latest versions of files. Archiving: Because of the ability to set permissions at a file level for sensitive data and the simplicity of management, many organizations use file storage for archiving documents for compliance or historical reasons. File Storage Pros - correct answer -Easy to access on a small scale: -Familiar to most users: -Users can manage their own files: AWS CCP Complete Questions With Complete Solutions -Allows access rights/file sharing/file locking to be set at user level: Block Storage Pros - correct answer - Fast: When all blocks are stored locally or close together, block storage has a high performance with low latency for data retrieval, making it a common choice for business-critical data. -Reliable: Because blocks are stored in self-contained units, block storage has a low fail rate. Easy to modify: Changing a block does not require creating a new block; instead, a new version is created. Block Storage Cons - correct answer -Lack of metadata: Block storage does not contain metadata, making it less usable for unstructured data storage. -Not searchable: Large volumes of block data quickly become unmanageable because of limited search capabilities. AWS CCP Complete Questions With Complete Solutions -High cost: Purchasing additional block storage is expensive and often cost-prohibitive at a high scale. Block Storage Use cases - correct answer -Databases: block storage has a high performance and is easily updatable, many organizations use it for transactional databases. Email servers: High performance and reliability make block storage a common solution for storing emails. Virtual machine file system (VMFS) volumes: With block storage, you can easily create and format a block-based storage volume to store the VMFS. A physical server can then attach to that block, creating multiple virtual machines. What's more, creating a block-based volume, installing an operating system and attaching to that volume enables users to share files using that native operating system. AWS S3 - object based storage - correct answer - Unlimited storage - Serverless storage service AWS CCP Complete Questions With Complete Solutions -Availability (is 99.5%). but cheaper than Standard IA by 20% less (Reduce durability) -Data could get destroyed. -A retrieval fee is applied. 5) S3 Glacier - correct answer - Long term cold storage -Retrieval can take minutes to hours -Very cheap storage 6) S3 Glacier Deep Archive - correct answer -Lowest cost storage -12 hours to retrieve data AWS Snow Family (3) - correct answer Storage and compute devices used to physically move data in or out of the cloud AWS CCP Complete Questions With Complete Solutions -When moving data over the internet or private connection is too slow, difficult, or not secure enough, or costly. 1) Snowcone 2) Snowball edge 3) Snowmobile Snowcone - correct answer 2 Sizes; 8TB of HHD (hybrid hard drive; both HD and SSD) or 14Tb of SSD Snowball Edge - correct answer Comes in devices optimized for computing or pure storage; 1) Compute optimize; 39.5TB Access to powerful compute and high-speed storage for data processing before transferring it into AWS. 2) Storage Optimized; 80TB AWS CCP Complete Questions With Complete Solutions Securely and quickly transfer dozens of terabytes to petabytes of data to AWS. It is also a good fit for running general purpose analysis Snowmobile - correct answer 100PB of storage AWS Storage Services - correct answer Storage gateway - correct answer Hybrid cloud storage, with local cashing, expand on prem storage capacity to the cloud File Gateway - correct answer extends your local storage to AWS S3 Volume Gateway - correct answer caches your local drives to S3 so you have a continuous backup of local files in the cloud Tape Gateway - correct answer stores files onto virtual tapes for backing up your files on very cost-effective long-term storage. AWS CCP Complete Questions With Complete Solutions Enterprise/Hybrid Networking Services - correct answer 1) Direct Connect 2) Virtual Private Network 3) PrivateLinks (Virtual Private Cloud Interface Endpoint) Direct Connect - correct answer Dedicated network connection from on prem to AWS, low bandwidth 50- 500mbs, and high bandwidth 1-10gbs VPN - correct answer secure connection to your AWS network; - Site to site VPN: connecting on premise to your AWS network -Client VPN: to connect user clients to the AWS network Private Links - correct answer Keeps traffic within the AWS network, and not traverse the internet to keep traffic secure AWS CCP Complete Questions With Complete Solutions Network Access Control List (NACLs) vs Security Groups - correct answer NACLs: virtual firewall at the subnet level, with allow and deny rules; ie block specific IP known for spam Security group: virtual firewall at the instance level, and implicitiy denies all traffic; create allow rules; allow an EC2 instance access on port 22 for SSH, but you can't a single IP address NACLS VS Security Groups . . . . . - correct answer Secure Shell (SSH) - correct answer network communication protocol that enables two computers to communicate Route 53 - correct answer Register or manage domains you've registered with other providers AWS CCP Complete Questions With Complete Solutions -Allowing AWs to manage the domain, you can reroute traffic using routing policies (ex. based on ip address to go to subdomain in that language), applying health checks to alert you of the webapp, etc. Route 53 can route to various AWS services via Alias record (they can detect ID changes and continually keep that end point pointed to the correct resource) Databases - correct answer data store for not structured, semi-structured and structured data -Requires more complex data stores and requires formal modeling/modeling techniques -Rich in quering data, modeling strategies to optimize retrieval, more fine tune control over the transformed data into useful reports or strucutres Database types - correct answer Relational Databases: structured data that represents tabular data; row, table, columns AWS CCP Complete Questions With Complete Solutions Uses object storage for unlimited scale; unlike data warehouses, which must have the schema defined beforehand which limits what can be analyzed, Data lakes define the schema at the time of analysis allowing for new insights to be uncovered; data mining it Data Lake vs Data Warehouse - correct answer Data Lakehouse - correct answer -combines elements of the data warehouse with those of the data lake -Data lakehouses implement data warehouses' data structures and management features for data lakes, which are typically more cost-effective for data storage Column data store - correct answer Key value Store - correct answer non relational database (NoSQL) that uses key value to store value; think of Python dictionaries -unique key followed by the value AWS CCP Complete Questions With Complete Solutions "thisdict (key) = { "brand": "Ford", "model": "Mustang", "year": 1964}"(value) -Very basic, scalable, but fast, no aggregation, indexes, or relationships Document store - correct answer NonSQL database that stores documents as its primary data strucutre, document could be in JSON, JSON like, XML etc. Is a subset of key/value stores, but instead of values it stores the document Non SQL DB AWS Services (3) - correct answer 1) Dynamo DB 2) Document DB 3) Amazon Keyspace Dynamo DB: AWS CCP Complete Questions With Complete Solutions Non SQL DB AWS Services (3) - correct answer Serverless NoSQL key/value and document database -Designed to scale to billions of records with guaranteed consistent data return in at least a second -AWS's flagship database service; scales, is cost effective and very fast -Amazon.com moved from oracle to DynamoDB with 75PB of data; and reduced costs by 60% and latency by 40% Document DB: Non SQL DB AWS Services (3) - correct answer MongoDB compatible MongoDB is very popular NoSQL among developers. There were open-source licensing issues around using open-source MongoDB, so AWS got around it by just building their own MongoDB database. AWS CCP Complete Questions With Complete Solutions Data centre must be using VMware for server virtualization -automates database provisioning, operating system and database patching, backup, point-in-time restore, instance scaling, instance health monitoring, and failover. Redshift: AWS Other Database Services (6) - correct answer petabyte size data warehouse for OLAP; structure and semi structured Focuses on speed for complex queries x3 performance compared to other cloud data warehouses Elasticache: AWS Other Database Services (6) - correct answer managed database using in memory and cashing db; redis or memcashed When you need to improve the performance of an app by adding a cashing layer in front AWS CCP Complete Questions With Complete Solutions Neptune: AWS Other Database Services (6) - correct answer Managed graph database, data is represented as interconnected nodes When you need to understand the connections between data, ex. social media relationships, and association analysis Amazon Timestream: AWS Other Database Services (6) - correct answer fully managed time series database, makes it easy to store and analyze trillions of events per day up to 1,000 times faster and at as little as 1/10th the cost of relational databases. lifecycle of time series data by keeping recent data in memory and moving historical data to a cost optimized storage tier Amazon Quantum Ledger Database: AWS Other Database Services (6) - correct answer fully managed ledger database that provides transparent, immutable, and graphically variable transaction logs AWS CCP Complete Questions With Complete Solutions Database Migration Service (3): AWS Other Database Services (6) - correct answer 1) on prem db to AWS 2) AWS db to another AWS db using different SQL engines 3) SQL to NoSQL database AWS Other Database Services (6) - correct answer 1) Redshift 2) Elasticache 3) Neptune 4)Amazon Timestreams 5) Amazon Quantum Ledger 6) Database migration service (DMS) EC2 customization (4) - correct answer 1) OS Customization AWS CCP Complete Questions With Complete Solutions Starting with C Memory Optimized (RAM): EC2 Instance Families (5) - correct answer Fast performance workloads with large data sets in memory (RAM) Use cases for in memory cashes, in memory databases, streaming big data analytics Start with R, X, Z, and High memory Accelerated Optimized (Hardware accelerators and co processers): EC2 Instance Families (5) - correct answer Uses hardware accelerators or co-processers Start with P,G, F, INF, VT Use case for ML, computational finance, NLP, seismic analysis, etc. AWS CCP Complete Questions With Complete Solutions Hardware Accelerators - correct answer Decoupled from the processor, and specialize in certain tasks; ex. GPU, cryptography chips, AI accelerator chips, etc... Co-Processors - correct answer Part of the processor, these are outside of the main processors and focus on specific purpose computations and so that the main processor can focus on its tasks Ex. FPU; floating point unit specializing in calculating floating point calculations to send to the main CPU Storage Optimized: EC2 Instance Families (5) - correct answer focus on high sequential read and write, and access to very large data sets on local storage. Optimized to deliver tens of thousands of low-latency, random I/O operations per second (IOPS) to applications. Use case for /O intensive and business-critical workloads such as SQL, NoSQL, in memory or transactional databases, dataware houses, data analytics etc. AWS CCP Complete Questions With Complete Solutions Start with I, D, and H Common Pattern for EC2 Instance types - correct answer Nano Micro Small Medium Xlarge 2xlarge 4xlarge 8xlarge etc. Each change will generally double in price and key attributes EC2 Tenancy (3) - correct answer Default Dedicated Instance Dedicated Host Normal EC2 Instance - correct answer Launches from a shared pool of shared resources that is in use by all AWS CCP Complete Questions With Complete Solutions of sockets, CPU or GPU cores, host ID, etc which is required for bring your own license models vs non Dedicated Host vs Dedicated Instance Isolation Affinity between host and instances - correct answer Consistency to deploy the instances to the same physical server vs no control Dedicated Host vs Dedicated Instance Isolation Targeted instance placement - correct answer Additional control over what host your instance/VPC is running on Dedicated Host vs Dedicated Instance Isolation Add capacity using allocation requests - correct answer Yes, vs no EC2 pricing Models (5) - correct answer 1)On demand - least commitment 2) Spot - cheapest 90% off 3) Reserved - best long term 75% off 4) Savings plan - second best long term with additional flexibility 72% off 5) Dedicated - most expensive AWS CCP Complete Questions With Complete Solutions 1)On demand -least commitment - correct answer -Low cost and flexible -Pay per hour -Short term, spiky, and unpredictable workloads -Good for new app development or run an experiment -No upfront costs or long term contract 2) Spot - cheapest 90% off - correct answer -Request spare computing capacity -Flexible start and end times -Can handle interruptions of server -For non-critical background jobs, as the spot instance can be terminated if needed by another customer -Options for load balancing work loads, flexible work loads (CI/CD jobs, or running batch jobs), or big data workloads Batch jobs are an easy and convenient way to use spot pricing AWS CCP Complete Questions With Complete Solutions 3) Reserved - best long term 75% off - correct answer - Steady and predictable usage -Minimum of using all resources for at least 75% of the time -Can result to unused instances -1 to 3 year contracts; longer contract higher saving Reserved instance types (2) - correct answer Standard 75% off - can modify RI attributes (instance family, region, dedicated or not, and platform) but can't be exchanged but it can be sold on the RI market place Convertible (54% off) - can exchange for a convertible RI based on Ri attributes of equal or higher value. Can't be bought or sold on the RI market place Reserved Instance payment options - correct answer Upfront: full payment at the start of the term Partial: portion of the cost must be paid upfront and the remaining hours in the term are billed at a discounted hourly rate AWS CCP Complete Questions With Complete Solutions Zero Trust Model/Architecture - correct answer trust no one, verify everything, instead of just a primary security perimeter that is network centric this model is all about the identity centric way. Identity cententric augments the network-centric way Primary security perimeter - correct answer The primary or new security perimeter defines the first line of defense and its security controls that protect a company's cloud resources and assets Network centric (old way) - correct answer traditional security focused on firewalls and VPNs since there were few employees or workstations outside the office or they were in specific remote offices. Identity Centric way - correct answer Bring your own device, remote work stations are more common and we can't trust people are in secure locations AWS CCP Complete Questions With Complete Solutions Identity based security; ex. MFA, or risk based authentication Zero Trust on AWS - correct answer AWS does not have ready to use identity controls that enable zero trust, but can be done with third parties or use a combination of services to do so AWS identity and access management (IAM) tools (4) - correct answer 1) IAM Policies 2) Permission boundaries 3) Service control policies (organization wide) 4) IAM policy conditions IAM Policies JSON format; - correct answer manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines its permissions. AWS CCP Complete Questions With Complete Solutions Anatomy of an IAM Policy JSON Document - correct answer -Version policy language version -Statement container -Sid (optional) -Effect -Action -Principal account, user, role, etc. -Resource -Condition (optional) IAM Permissions - correct answer Authorization controls for API actions are represented in the IAM policy json Permission Boundaries - correct answer -permissions boundaries for IAM entities (users or roles) -an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity AWS CCP Complete Questions With Complete Solutions Well known directory services - correct answer - Domain name service (DNS) - the directory service for the internet -Microsoft active directory -Apache directory server -Oracle internet directory (OID) -OpenLDAP -Cloudidentity -Jumpcloud Active Directory Domain Services (AD DS) - correct answer Gives organizations the ability to manage multiple on prem-infrastructure components and systems using identity per user AWS CCP Complete Questions With Complete Solutions OU=organizational unit OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and other OUs Identity Providers (idP) - correct answer A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to applications within a federation or distributed network A trusted provider of your user identity that lets you use to authenticate to access another service such as Facebook, Amazon, Google, Twitter, Github, LinkedIn Federated identity - correct answer is a method of linking a user's identity across multiple separate identity management systems SSO is part of the broader Federated ID model Single Sign On (SSO)) - correct answer is an authentication scheme that allows a user to log in with a AWS CCP Complete Questions With Complete Solutions single ID and password to different systems and software. SSO allows IT departments to administrator a single identity that can access many machines and cloud services. Login for SSO is seamless, where once a user is logged into their primary directory, as soon as they utilize this software, they are presented with a login screen AWS Single Sign On (AWS SSO) - correct answer where you create or connect, your workforce identities in AWS once and manage access centrally across your AWS organization. Federated Identity Management (FIM) vs Single Sign On (SSO) - correct answer SSO is designed to authenticate a single credential across various systems within one organization Federated identity management systems offer single access to a number of applications across various enterprises AWS CCP Complete Questions With Complete Solutions Multifactor authentication - correct answer Using multiple categories of factors across something you know, something you have, and something you are. Ideally you use different categories of authentication and across multiple sources as to not have mutliple compromised at once Security Key - correct answer Hardware device used for second step in authentication; Yubikey AWS Identity and Access - correct answer Principle of least privilege (PoLP) - correct answer Computer security concept of providing a user, role, or application the least amount of permissions to perform an operation or action. Just-Enough-Access (JEA) - correct answer Permitting only the exact actions for the identity to perform a task Just-In-Time (JIT) - correct answer Permitting the smallest length of duration an identity can use permissions AWS CCP Complete Questions With Complete Solutions ConsoleMe - correct answer is an open-source Netflix project to self-serve short-lived IAM policies so an end- user can access AWS resources while enforcing JEA and JIT Risk-based adaptive policies - correct answer Each attempt to access a resource generates a risk score of how likely the request is to be from a compromised source. The risk score could be based on many factors e.g. device, user location, IP address what service is being accessed, and when. AWS at the time of this recording does not have Risk- based adaptative policies built into IAM AWS Account - correct answer account which holds all your AWS resources AWS Account - Root User - correct answer special account with full access that cannot be deleted AWS Account - User - correct answer user for common tasks that are assigned permissions AWS CCP Complete Questions With Complete Solutions Root user differences - correct answer - Account can not be deleted - Root User account has full permissions to the account and its permissions *cannot be limited -You cannot use IAM policies to explicitly deny the root user access to resources. - You can only use an AWS Organizations service control policy (SCP) to limit the permissions of the root user -One Root user per AWS account -An AWS Root Account should not be used for daily or common tasks is instead for very specific and specialized tasks that are infrequently or rarely performed Root User Specific Authorizations - correct answer - Change account settings -Restore IAM user permission