1
Reference answer
Amazon RDS is a managed relational database service that makes it easier to set up, operate, and scale a relational database in the cloud. It is used for various relational database engines, such as MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora.
2
Reference answer
Elastic this, elastic that…. Elasticity is one of the most important advantages that cloud computing brings to the table. Elasticity is all about matching capacity to demand as closely as possible. Not all elements in an architecture can be elastic, but your architect should recognize the importance of elasticity and strive to take advantage of it at every opportunity.
3
Reference answer
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, or IP addresses. This enhances the availability and fault tolerance of applications. Key components of ELB include:
- Load Balancers: AWS offers different types of load balancers, including Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer (CLB), each optimized for specific use cases. ALB is best for HTTP/HTTPS traffic and offers advanced routing features, while NLB is optimized for TCP traffic and high performance.
- Health Checks: ELB performs health checks on registered targets to ensure they are available to handle traffic. If a target fails the health check, the load balancer automatically routes traffic away from it until it recovers.
- Auto Scaling Integration: ELB works seamlessly with Auto Scaling, allowing new instances to be added or removed based on demand while automatically redistributing traffic to the available instances.
- Security Features: ELB supports SSL termination, allowing secure HTTPS traffic to be managed at the load balancer level, offloading the encryption/decryption workload from the application servers.
By using Elastic Load Balancing, organizations can improve the availability, scalability, and security of their applications.
4
Reference answer
Use AWS CloudWatch to monitor Lambda functions. CloudWatch provides metrics such as invocation count, duration, error count, and throttles.
5
Reference answer
Cloud-based message queues are a way to decouple applications and services. Message queues allow applications to send and receive messages asynchronously. This can improve the performance, scalability, and reliability of applications. Some popular cloud-based message queues include:
- Amazon Simple Queue Service (SQS)
- Google Cloud Pub/Sub
- Azure Service Bus
Cloud-based message queues can be used for a variety of tasks, such as:
- Decoupling applications and services
- Implementing event-driven architectures
- Processing large volumes of data
- Building scalable and reliable applications
6
Reference answer
The User Datagram Protocol, known as UDP, is a connectionless protocol that can easily be used for different purposes in various applications. The time needed to establish communication with UDP is much shorter than with TCP and other protocols, so users get not only a connectionless protocol but also great working speed. It can sometimes be used as the transport layer in a network stack. Here are some key points of UDP:
- UDP can control the flow of data in a reliable way.
- When you want a protocol for simple networking, UDP can provide the desired results very quickly.
- Systems are not required to hold information about UDP, which gives its users a great deal of freedom.
- The processing time of UDP is much lower than that of other protocols.
- Likewise, the transmission time of UDP is much improved and reliable.
- Receiving data from hosts is simpler with UDP.
7
Reference answer
Use authentication and authorization methods such as single sign-on or multi-factor authentication to ensure the security of third-party cloud services. Establishing a secure connection to the cloud service provider or utilizing a virtual private cloud (VPC) is also critical. Implement a robust encryption scheme and employ active monitoring technologies to detect and prevent unwanted activity.
8
Reference answer
Use Auto Scaling Groups and AWS CloudWatch to monitor your instances and automatically scale the number of instances based on predefined conditions, such as CPU utilization.
9
Reference answer
Reserved Instances (RIs) offer a significant discount over On-Demand pricing in exchange for a one- or three-year commitment to a specific instance type, region, and OS. Savings Plans offer similar discounts but with more flexibility. SPs cover EC2, Fargate, and Lambda usage in a broader scope, based on hourly spend rather than instance type.
10
Reference answer
A self-healing architecture ensures automatic recovery from failures using:
- Auto Scaling Groups: Automatically replaces failed EC2 instances.
- Elastic Load Balancer (ELB): Routes traffic only to healthy instances.
- AWS Lambda & CloudWatch Alarms: Detects failures and triggers remediation.
- Multi-AZ & Multi-Region Deployments: Ensures high availability.
- AWS Backup & RDS Read Replicas: Ensures data redundancy.
- Route 53 Health Checks & Failover: Redirects traffic in case of a regional failure.
11
Reference answer
Amazon Elastic Kubernetes Service (EKS) is a fully managed service that allows you to run Kubernetes on AWS without managing the Kubernetes control plane.
12
Reference answer
DNS service used to route internet traffic.
13
Reference answer
When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted. On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.
14
Reference answer
AWS Lambda has a maximum execution timeout of 15 minutes, limited memory (up to 10 GB), and restricted package size. It also doesn't support persistent connections or background processes.
15
Reference answer
When troubleshooting a failing CI/CD pipeline, start by reviewing pipeline logs and monitoring dashboards to identify the failed stage or job. Check configuration variables, environment settings, and recent code changes. Use debugging tools or run failing commands locally to replicate the issue. Analyze error messages, consult documentation, and collaborate with team members to isolate and resolve the root cause.
16
Reference answer
To diagnose and resolve intermittent 502 Bad Gateway errors on EC2 instances behind an ALB, follow a systematic approach:
- ALB telemetry: Check CloudWatch metrics—HTTPCode_Target_5XX_Count, TargetConnectionErrorCount, HealthyHostCount—and parse ALB access logs for failing paths, timestamps, and target IP patterns.
- EC2/app health: Review CPU, network, disk I/O; inspect app/web logs for timeouts, OOM/memory errors, DB connection limits, or config issues (e.g., proxy_read_timeout).
- Network/security: Verify SGs and NACLs permit ALB ⇄ EC2 traffic, including ephemeral ports.
17
Reference answer
Pre-configuring AMI with software and settings.
18
Reference answer
Security groups act as virtual firewalls for EC2 instances. They control inbound and outbound traffic by defining rules that specify which traffic is allowed or denied. Security groups are stateful, meaning if you allow incoming traffic on a specific port, the corresponding outbound traffic is automatically allowed.
19
Reference answer
Edge computing is a distributed computing paradigm that brings computation and data storage closer to the location where it is needed.
20
Reference answer
Challenges include silos between teams, inconsistent tools and processes, resistance to change, scaling infrastructure, and measuring success. Overcoming these requires standardization, automation, collaboration, and upskilling.
21
Reference answer
Amazon EC2 is a web service that provides resizable compute capacity in the cloud. Key components include instances, Amazon Machine Images (AMIs), security groups, key pairs, and more.
22
Reference answer
IAM (Identity and Access Management) is AWS's core service for managing access to resources securely, enforcing least privilege. It defines three key identities:
- IAM Users: individuals/apps with long-term credentials.
- IAM Groups: collections of users to apply shared policies.
- IAM Roles: temporary, auto-rotated credentials assumed by trusted entities (e.g., EC2, Lambda).
23
Reference answer
AWS Databricks is a collaborative analytics platform. It simplifies big data and AI workflows with Apache Spark, providing scalability and easy integration with AWS services.
24
Reference answer
To troubleshoot this issue:
- Check Security Groups: Ensure that inbound rules allow HTTP (port 80) or HTTPS (port 443) traffic from all (0.0.0.0/0).
- Verify Network ACLs: Ensure that the VPC Network ACL allows inbound/outbound traffic for the web server.
- Check Instance's Public IP: If using a public IP, confirm it is correct and not changed after a restart.
- Confirm Elastic Load Balancer (if applicable): Ensure the target group is healthy and forwarding traffic.
- Verify Web Server Configuration: Ensure the web service (Apache, Nginx, etc.) is running and listening on the correct port.
- Check Route Tables: Ensure the EC2 instance has the correct route to the internet via an Internet Gateway.
25
Reference answer
You can use Amazon CloudWatch for monitoring EC2 instances, setting up alarms, and collecting metrics. Additionally, AWS Systems Manager provides tools for patch management, automation, and configuration management of EC2 instances.
26
Reference answer
The Amazon Elastic Compute Cloud (EC2) service provides scalable compute capacity in the AWS cloud. It enables you to run virtual servers (called instances) in different configurations. Think of instance types, OS, networking, storage, etc. Key features include auto-scaling, instance types for various workloads, and pay-as-you-go billing. It also includes elastic IP addresses, placement groups, and integration with other services like IAM and EBS.
27
Reference answer
AWS Identity and Access Management (IAM) enables secure management of access to AWS resources by allowing you to create users, groups, and roles with granular permissions, enforce multi-factor authentication, and integrate with identity providers for secure, auditable access control.
28
Reference answer
Cloud computing is composed of five main characteristics:
- On-demand self-service: Users can provision cloud services as needed without human interaction with the service provider.
- Broad network access: Services are available over the network and accessed through standard mechanisms like mobile phones, laptops, and tablets.
- Multi-tenancy and resource pooling: Resources are pooled to serve multiple customers, with different virtual and physical resources dynamically assigned based on demand.
- Rapid elasticity and scalability: Capabilities can be elastically provisioned and scaled up or down quickly and automatically to match capacity with demand.
- Measured service: Resource usage is monitored, controlled, reported, and billed transparently based on utilization. Usage can be managed, controlled, and reported, providing transparency for the provider and consumer.
29
Reference answer
Elastic File System used for shared file storage.
30
Reference answer
AWS Resource Groups are a way to group your AWS resources together. This can make it easier to manage your resources and to apply permissions to your resources. Resource Groups can be used to group resources by application, by environment, or by any other criteria that makes sense for you.
31
Reference answer
- Stopping an EC2 instance: The instance is shut down, and you will not be billed for hourly usage, but the instance's EBS volume remains and you can restart the instance later.
- Terminating an EC2 instance: The instance is permanently deleted, and all associated storage (EBS volumes) is also deleted unless specified otherwise.
32
Reference answer
Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that enables you to decouple microservices and distribute information.
33
Reference answer
An IAM policy is a JSON document that defines permissions and controls what actions are allowed or denied for AWS resources.
34
Reference answer
The CAP theorem states that a distributed system can provide at most two out of three guarantees: Consistency, Availability, and Partition tolerance. Cassandra is often associated with AP (Availability and Partition tolerance) due to its ability to continue functioning even in the presence of network partitions.
35
Reference answer
Enable server-side encryption (SSE), use AWS KMS for managing encryption keys, and restrict access via IAM policies.
36
Reference answer
IAM roles are used to delegate access to users or services, allowing them to interact with AWS services without needing long-term credentials.
37
Reference answer
AWS Step Functions coordinates distributed applications and workflows. It uses visual workflows to define state transitions and manage task execution across AWS services.
38
Reference answer
Serverless computing is a cloud computing model in which the cloud provider automatically manages the server infrastructure. This allows developers to focus on writing code without having to worry about managing servers. Serverless computing offers a number of benefits, including:
- Scalability: Serverless computing is highly scalable, so you can easily scale your applications up or down to meet your changing needs.
- Cost savings: Serverless computing can help you to save money on server costs, as you only pay for the resources that you use.
- Ease of use: Serverless computing is easy to use, so developers can focus on writing code without having to worry about managing servers.
39
Reference answer
Currently, the AWS cloud spans 55 availability zones, and the total number of AWS geographic regions is close to 18, along with 1 local region. AWS has announced that it will open 12 more availability zones in the coming years, in locations such as Bahrain, Hong Kong SAR, and Sweden, and also in the United States.
40
Reference answer
Amazon CloudWatch is a monitoring and observability service that provides real-time insights into AWS resources and applications. It helps users track performance metrics, set alarms, and automate actions based on specific thresholds. Key features of CloudWatch include:
- Metrics: CloudWatch collects and tracks metrics from various AWS services, providing visibility into resource utilization (e.g., CPU usage, memory consumption) and application performance.
- Alarms: Users can create alarms that trigger actions (such as sending notifications or invoking Lambda functions) based on specific conditions, enabling proactive monitoring and response to potential issues.
- Logs: CloudWatch Logs allows users to collect, monitor, and analyze log data from AWS resources and applications, facilitating troubleshooting and compliance auditing.
- Dashboards: Users can create custom dashboards to visualize key metrics and logs, providing a centralized view of application performance and resource health.
- Events: CloudWatch Events enables users to respond to state changes in their AWS resources, automating workflows based on specific events.
By using CloudWatch, organizations can gain comprehensive insights into their AWS environments, ensuring optimal performance and reliability.
41
Reference answer
CloudWatch Alarms is a service that allows you to monitor your AWS resources and send notifications when certain conditions are met. For example, you could create a CloudWatch Alarm to notify you when your CPU utilization exceeds a certain threshold. CloudWatch Alarms can be used to monitor a variety of metrics, such as CPU utilization, memory utilization, network traffic, and database performance.
42
Reference answer
Distributes incoming traffic across multiple EC2 instances.
43
Reference answer
Use CodePipeline for automation, CodeBuild for testing, and CodeDeploy for deploying updates. Integrate with GitHub or AWS CodeCommit.
44
Reference answer
When answering a technical AWS interview question, clearly explain the service, your reasoning, and any trade-offs involved.
45
Reference answer
Amazon SQS is a poll-based, one-to-one message queuing service where consumers pull messages from the queue, supporting message retention and batching. Amazon SNS is a push-based, one-to-many pub/sub service that immediately pushes messages to all subscribers, does not retain messages, and does not support batching.
46
Reference answer
Yes, reserved instances support Multi-AZ deployments. Reserved instances are mainly about pricing, not deployment. As long as instance attributes (region, type, platform) match the reservation, pricing benefits apply—even if the instance is in a Multi-AZ setup.
47
Reference answer
AWS Organizations lets you group and centrally manage multiple AWS accounts. You can apply Service Control Policies (SCPs), consolidate billing, delegate permissions, and segment teams or business units.
48
Reference answer
It is not possible to launch this instance under the free usage tier.
49
Reference answer
Security Groups control network-level access to resources (like which IPs can access EC2 instances), while IAM roles manage who can do what within AWS. That includes permissions for users, services, or applications to access specific resources.
50
Reference answer
AWS Direct Connect is a dedicated network link between on-premises infrastructure and AWS, offering:
- Lower latency.
- Higher bandwidth.
- Increased security over the public internet.
51
Reference answer
Amazon Cognito enables you to add user sign-up, sign-in, and access control to web and mobile apps easily.
52
Reference answer
It is not possible to launch this instance under the free usage tier.
53
Reference answer
Cassandra writes data to a commit log for durability and then updates the in-memory data structure called the memtable. Periodically, memtables are flushed to disk in immutable files known as SSTables. This write process ensures durability and efficient write performance.
54
Reference answer
Amazon Virtual Private Cloud (VPC) is a service that lets you create a logically isolated section of the AWS Cloud where you can launch resources in a virtual network you define, with control over IP addressing, subnets, route tables, and security.
55
Reference answer
CodePipeline can be used to automate the flow from code check-in to build, test, and deployment across multiple environments. The following steps can be followed:
- Create a pipeline: Start by creating a pipeline in AWS CodePipeline, specifying your source code repository.
- Define build stage: Connect to a build service like AWS CodeBuild to compile code, run tests, and create deployable artifacts.
- Set up deployment stages: Configure deployment stages for each tier using AWS CodeDeploy to automate deployments to Amazon EC2, AWS Elastic Beanstalk, or AWS ECS.
- Add approval steps (optional): For critical environments, insert manual approval steps before deployment stages.
- Monitor and iterate: Monitor the pipeline's performance and adjust as necessary.
56
Reference answer
Controls traffic routing within a VPC.
57
Reference answer
Amazon EC2 (Elastic Compute Cloud) provides resizable compute capacity in the cloud. It allows you to run virtual servers, scale them up or down, and pay only for what you use.
58
Reference answer
- EBS: Persistent storage. Data survives reboot.
- Instance Store: Temporary storage. Data lost when instance stops.
59
Reference answer
AWS provides multiple security features and compliance programs to ensure the security of customer data. These include security controls, compliance certifications, attestations, and a shared security responsibility model.
60
Reference answer
The Bare Metal solutions consist of server hardware without an operating system, virtualization layer, or pre-installed software. They give direct, lower-level access to hardware resources and support unique configurations and more customization & flexibility, but they need more manual setup and maintenance.
61
Reference answer
A cloud disaster recovery testing plan is a plan for testing your cloud disaster recovery procedures. The plan should include the following components:
- Test schedule: How often will you test your cloud disaster recovery procedures?
- Test scenarios: What cloud disaster recovery scenarios will you test?
- Test procedures: What steps will you take to test your cloud disaster recovery procedures?
- Test results: How will you record and analyze the results of your cloud disaster recovery tests?
62
Reference answer
Backup is an important term when you work with documentation files. If you need a reliable backup of such files and documents, you should prefer cloud-based services over other available storage options. The following reasons show the importance of cloud-based services:
- Cloud-based storage allows a user to share or access programming files from multiple systems or devices. This means that you can easily share a file among your workers for different purposes. Sharing and access are also faster with cloud-based storage.
- Cloud-based storage also provides redundant backups of files, which anyone can lose at any time.
- Cloud-based storage places no limitations on what you keep in it: you can store music files, videos, movies, and a lot of other things.
63
Reference answer
Enable CloudTrail for API logs, use CloudWatch Logs for application/system logs, and set alarms or dashboards.
64
Reference answer
AWS Lambda and Amazon EC2 are both compute services, but they serve different purposes and are designed for different use cases.
- AWS Lambda:
  - Serverless: Lambda is a serverless compute service that allows users to run code in response to events without provisioning or managing servers. Users only pay for the compute time consumed during execution.
  - Event-Driven: Lambda is designed for event-driven architectures, automatically scaling in response to incoming requests and triggering functions based on events from other AWS services (e.g., S3, DynamoDB).
  - Short-Lived Processes: Each Lambda function has a maximum execution time (15 minutes), making it ideal for short-lived tasks such as data processing or API handling.
- Amazon EC2:
  - Virtual Servers: EC2 provides resizable virtual servers (instances) that users can configure, launch, and manage. Users are responsible for provisioning, scaling, and maintaining the underlying infrastructure.
  - Long-Running Applications: EC2 is suitable for long-running applications that require consistent performance and more control over the operating environment, including installing custom software and configuring the OS.
  - Flexible Pricing Models: EC2 offers multiple pricing options, including on-demand, reserved instances, and spot instances, allowing users to optimize costs based on workload patterns.
In summary, Lambda is ideal for serverless, event-driven applications, while EC2 is better suited for traditional, long-running server-based applications.
65
Reference answer
Cloud computing means delivering computing services like servers, storage, and databases over the internet.
66
Reference answer
Amazon RDS supports several database engines, including MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora. Each engine has its own strengths and use cases, such as MySQL for web applications, PostgreSQL for geospatial data, Oracle for enterprise applications, and Aurora for high performance and scalability.
67
Reference answer
Horizontal and vertical scaling are two fundamental strategies for increasing the capacity of a system to handle load, but they operate on different principles.
- Vertical (scale up): move to a bigger instance (CPU/RAM/I/O). Simple, but has hard limits, may need downtime, and is a single point of failure.
- Horizontal (scale out): add more instances behind a load balancer. Cloud-native, near-limitless scale, higher availability/fault tolerance.
68
Reference answer
SaaS (Software as a Service) eliminates the need for installation. Just log in and start using the software directly.
69
Reference answer
AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS services and resources. It allows you to create and manage AWS users and groups, and to set permissions to allow or deny their access to AWS resources.
70
Reference answer
The three types of EC2 instances based on cost are:
- On-Demand Instance: These instances are prepared as and when needed. Whenever you feel the need for a new EC2 instance, you can go ahead and create an on-demand instance. It is cheap for the short term but not when taken for the long term.
- Spot Instance: These types of instances can be bought through the bidding model. These are comparatively cheaper than On-Demand Instances.
- Reserved Instance: On AWS, you can create instances that you can reserve for a year or so. These types of instances are especially useful when you know in advance that you will be needing an instance for the long term. In such cases, you can create a reserved instance and save heavily on costs.
71
Reference answer
Tools like nodetool, Cassandra's built-in metrics, and third-party solutions like Prometheus and Grafana can be used for monitoring. For management tasks, Cassandra provides cqlsh for query execution and the DataStax DevCenter for cluster management.
72
Reference answer
AWS provides Multi-Factor Authentication (MFA) to add an extra layer of security by requiring two forms of identification to access AWS services. It can be enabled via IAM for user accounts.
73
Reference answer
(Example Answer) I designed a serverless e-commerce backend using AWS Lambda, API Gateway, DynamoDB, and Cognito. It handled 1 million requests per day with 99.99% uptime and reduced operational costs by 50% compared to a traditional EC2-based setup.
74
Reference answer
Amazon Redshift delivers a strong data storage and analysis solution, which enables rapid handling of extensive data volumes. The platform supports big data initiatives and business analytics by allowing SQL-based execution of advanced queries.
75
Reference answer
There are a number of ways to achieve data backup and recovery in the cloud, including:
- Snapshotting: Snapshots are point-in-time copies of your cloud data. They can be used to restore your data to a previous state if it is lost or corrupted.
- Replication: Replication is the process of copying your cloud data to multiple locations. This can help to protect your data from data loss or corruption in one location.
- Backup services: Cloud providers offer a variety of backup services that can be used to back up your cloud data to an on-premises location or to another cloud provider.
76
Reference answer
Connection Draining is a feature provided by AWS which enables your servers which are either going to be updated or removed, to serve the current requests. If Connection Draining is enabled, the Load Balancer will allow an outgoing instance to complete the current requests for a specific period but will not send any new request to it. Without Connection Draining, an outgoing instance will immediately go off and the requests pending on that instance will error out.
77
Reference answer
If more than one statement is applicable, the Deny effect always succeeds.
78
Reference answer
Hadoop handles node failures automatically through data replication. When a node fails, HDFS and YARN ensure that tasks are rescheduled on healthy nodes, and data is retrieved from replicas.
79
Reference answer
CloudFormation automates resource provisioning using templates. It enables version-controlled infrastructure as code and ensures consistency across environments.
80
Reference answer
In a typical multitier architecture, web servers are placed in a public subnet (accessible from the internet), while application servers and databases are placed in private subnets (not directly accessible from the internet). Security groups and network ACLs further restrict access, ensuring only necessary communication between tiers and protecting sensitive data and services.
81
Reference answer
AWS Auto Scaling automatically adjusts the capacity of your resources to maintain performance and availability at the lowest possible cost.
82
Reference answer
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.
83
Reference answer
AWS Service Catalog allows organizations to create and manage IT services that are approved for use on AWS. It enables you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet compliance requirements. End users can deploy pre-approved products (like virtual machine images, software stacks, or entire multi-tier application architectures) in a self-service manner.
84
Reference answer
AWS provides a Lifecycle Policy in S3 as a storage cost optimizer. In fact, it enables the establishment of data retention policies for S3 objects within buckets. It is possible to manage data securely and set up rules so that it moves between different object classes on a dynamic basis and is removed when it is no longer required.
85
Reference answer
- Use Route 53 for DNS-based failover and latency routing
- Deploy EC2, RDS, and S3 across multiple regions
- Replicate data using RDS Global Databases or S3 Cross-Region Replication
- Monitor health with CloudWatch and automated alarms.
Scenario Tip: Describe a real-world failover scenario and recovery time objective (RTO) considerations.
86
Reference answer
Recommend migrating with AWS Application Migration Service to move workloads efficiently. For global low-latency access and high availability, use Amazon CloudFront as a content delivery network, deploy application servers in multiple AWS regions, and use Amazon S3 with Cross-Region Replication for static data. For databases, consider Amazon Aurora Global Databases or DynamoDB Global Tables for multi-region replication. Route 53 can help with global DNS routing to the nearest healthy region.
87
Reference answer
In AWS, every EC2 instance automatically gets a Public IP and can optionally be assigned an Elastic IP for more flexibility.
Public IP:
- Dynamic: Assigned when the instance starts and lost on stop or termination.
- Shared: Drawn from a pool of AWS addresses, potentially used by other instances.
- Cost: Free while associated with a running instance.
Useful for instances that need temporary, internet-facing access.
Elastic IP:
- Static: Remains constant until explicitly released.
- Dedicated: Solely assigned to the AWS account unless released.
- Cost: Incurs charges when not in use with a running instance.
Designed for hosting applications or network appliances that require a consistent public IP address.
- Public IP: Let instances use public IPs unless there's a specific need for a static address.
Avoid leaving unused Elastic IPs assigned to instances, as this costs money. Instead, consider releasing them and using other appropriate mechanisms, such as public IPs or AWS resources like load balancers and NAT gateways.
88
Reference answer
AWS CloudFormation is a tool for managing and provisioning cloud infrastructure as code. By defining infrastructure in templates, you can create, update, and manage AWS resources in a repeatable and consistent manner. CloudFormation simplifies managing complex environments and ensures all resources are configured correctly and efficiently. As a Cloud Engineer, understanding CloudFormation allows you to automate resource deployment, reducing the risk of human error while ensuring your infrastructure remains consistent across multiple environments.
89
Reference answer
Elastic Beanstalk includes components like environment, application, and configuration settings. It manages the deployment and scaling of web applications automatically.
90
Reference answer
AWS Organizations allows you to centrally manage and govern multiple AWS accounts. Service Control Policies (SCPs) are used within AWS Organizations to set permission guardrails, controlling the maximum available permissions for member accounts.
91
Reference answer
If the template has an error, stack creation or update may fail, leading to incomplete or inconsistent infrastructure. CloudFormation will roll back changes by default. To correct it, review error messages, fix the template, validate with the CloudFormation linter, and redeploy.
92
Reference answer
Security measures for EKS clusters include using IAM roles for worker nodes, implementing network policies, and regularly updating the cluster to apply security patches. Additionally, controlling access using AWS Identity and Access Management (IAM) and RBAC (Role-Based Access Control) in Kubernetes is crucial.
93
Reference answer
The following techniques can speed up data transport in Snowballs:
- Execute multiple copy operations simultaneously.
- Copy data to a single Snowball from many workstations.
- To reduce the encryption overhead, it is best to transfer large files into small batches of smaller files.
- Remove any additional hops.
94
Reference answer
Amazon Elastic Container Service (ECS) is a highly scalable, high-performance container management service that supports Docker containers and allows you to easily run applications on Amazon EC2 and AWS Fargate.
- AWS Fargate Integration: Run containers without provisioning or managing servers.
- Task and Service Definitions: Define and configure your tasks and services using the ECS management console or task definitions.
- Service Auto Scaling: Automatically adjust service capacity based on load.
- Service Load Balancing: Balance incoming traffic across containers in a service.
- Task Scheduling: Place tasks based on resource needs, strategies, and state.
- Custom Schedulers: Integrate third-party or custom schedulers for advanced orchestration.
Cluster: A logical grouping of tasks and services. It acts as a base to host tasks and services. Within a cluster, you can have both EC2 instances and/or AWS Fargate capacity to run tasks.
Task definition: This is where you specify what container images to use, and various container settings like networking and storage. Think of a task definition as a blueprint for your application.
Task: An instantiation of a task definition that's running on the cluster.
Service: Ensures that a specified number of tasks from a task definition are running and available. If any tasks or instances fail or are terminated, the service automatically launches new instances to maintain the desired number of tasks.
On EC2:
For ECS to function, your EC2 instances must have the ECS container agent running on them. This agent communicates with the ECS service in AWS, allowing tasks to be launched on the instance.
- Instance Management Responsibility: You're responsible for provisioning and managing EC2 instances in your cluster.
On AWS Fargate:
- Serverless: Run containers without managing the underlying infrastructure.
- Task Level Responsibility: You define tasks and their requirements; AWS handles the rest.
ECS pricing follows a pay-as-you-go model, where you're charged based on the AWS resources you use with ECS. There are costs associated with networking, storage, EC2 or Fargate usage, as well as any AWS integrations like load balancing or CloudWatch.
95
Reference answer
AWS EC2 (Elastic Compute Cloud) provides scalable computing capacity. It allows users to run virtual machines, known as instances, in the cloud.
96
Reference answer
A scalable, fault-tolerant, and cost-effective architecture for a global photo-sharing application can be designed as follows:
- Ingestion & processing: S3 (with Transfer Acceleration) stores uploads; S3 Events trigger Lambda to process/thumbnail.
- Delivery: CloudFront caches images globally; origin = S3 (originals + thumbnails).
- API & auth: API Gateway + Lambda for REST; Cognito for user auth/JWTs.
- Data layer: DynamoDB for profiles/metadata/likes/social graph (+ Global Tables); OpenSearch for indexing & personalized feeds.
- DNS & routing: Route 53 latency-based routing to nearest region.
- Monitoring, security, cost: CloudWatch metrics/logs/alarms; IAM least-privilege; optimize with S3 Lifecycle, Lambda pay-per-use, Fargate, and Savings Plans.
97
Reference answer
You can troubleshoot failed deployments by checking the deployment logs in AWS CodeDeploy, reviewing application logs in CloudWatch, and verifying your deployment configurations.
98
Reference answer
T2 Instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.
99
Reference answer
I would use AWS Elastic Beanstalk to deploy the Java application. It simplifies the management of the environment and automatically handles scaling, load balancing, and monitoring.
100
Reference answer
To design a scalable, manageable, and secure network architecture for a large enterprise with multiple AWS accounts and VPCs, along with on-premises connectivity, the best practice is to implement a hub-and-spoke topology using AWS Transit Gateway and AWS Direct Connect. Here's how the architecture would be structured:
1. Central Hub - AWS Transit Gateway (TGW)
   - Deployment: Create the Transit Gateway in a dedicated "Network" account within your AWS Organization.
   - Function: Acts as a regional cloud router, enabling centralized routing between VPCs and external networks.
   - Spoke Attachments: Each VPC, regardless of account, attaches to the TGW. This eliminates the need for complex VPC peering meshes.
   - Routing Control: Use TGW route tables to define which VPCs can communicate with each other and with the on-premises network. This simplifies segmentation and traffic flow management.
2. On-Premises Connectivity - AWS Direct Connect
   - Private Link: Establish a dedicated, high-bandwidth connection from the on-premises data center to AWS using Direct Connect.
   - Direct Connect Gateway: Terminate the Direct Connect link at a Direct Connect Gateway.
   - TGW Association: Associate the Direct Connect Gateway with the Transit Gateway to enable seamless communication between on-premises systems and all attached VPCs.
3. Multi-Account Management - AWS Organizations
   - Centralized Ownership: The "Network" account owns the TGW and Direct Connect Gateway.
   - Resource Sharing: Use AWS Resource Access Manager (RAM) to share the TGW across other accounts in the organization.
   - Governance: Apply Service Control Policies (SCPs) and tagging strategies to enforce security and cost controls across accounts.
101
Reference answer
Agile is a methodology that focuses on iterative development, whereas DevOps is a practice that bridges the gap between development and operations to ensure faster and more reliable software delivery.
102
Reference answer
Amazon EC2 is a web service provided by AWS that allows users to rent virtual machines (EC2 instances) in the cloud. Users can choose from various instance types with different CPU, memory, and storage configurations. EC2 instances can be launched, configured, and terminated as needed, providing scalable compute capacity.
103
Reference answer
Monitor key metrics (CPU, memory, disk, network), set up alarms for anomalies, analyze logs, and use CloudWatch dashboards for visualization. Troubleshoot by correlating metrics with logs and events to identify and resolve bottlenecks or failures.
104
Reference answer
RDS → Relational database
DynamoDB → NoSQL key-value database
105
Reference answer
AWS Serverless Application Model (SAM) is a framework for building and deploying serverless applications on AWS. SAM provides a high-level abstraction for serverless applications, which can make it easier to develop and deploy serverless applications. To deploy a serverless application using SAM, you first need to create a SAM template. A SAM template is a JSON file that defines your serverless application and its resources. Once you have created a SAM template, you can deploy your application using the AWS SAM CLI. The SAM CLI will create and configure all of the resources that are defined in your SAM template.
106
Reference answer
IaC refers to managing and provisioning infrastructure through code instead of manual processes. In AWS, you can implement IaC using AWS CloudFormation and AWS CDK (Cloud Development Kit).
107
Reference answer
Google Cloud Storage is a unified object storage solution for developers and enterprises.
108
Reference answer
Lambda is serverless, and runs code in response to events. EC2 is a virtual server for running applications, requiring more management and resources.
109
Reference answer
I would use Reserved Instances for predictable workloads. For variable workloads, I'd leverage Auto Scaling and Spot Instances. Additionally, using S3 lifecycle policies can help manage storage costs efficiently.
110
Reference answer
Schema-on-read is commonly used in data lakes where raw, semi-structured data is stored (e.g., in S3), and the schema is applied only during query time using tools like Athena or Redshift Spectrum. This approach offers flexibility for diverse data sources. Schema-on-write, often used in RDS or Redshift, enforces structure upfront and is preferred for transactional or structured datasets needing strict data validation.
111
Reference answer
Amazon S3 (Simple Storage Service) is an object storage service that offers high availability, scalability, and security. Key features include:
- Scalability: Stores unlimited data with automatic scaling.
- Durability: 99.999999999% (11 9's) durability with data replication across multiple Availability Zones.
- Storage Classes: Offers multiple storage classes like Standard, Intelligent-Tiering, Glacier, and One-Zone IA for cost optimization.
- Versioning: Maintains multiple versions of an object to protect against accidental deletions.
- Lifecycle Policies: Automatically transitions objects between storage classes or deletes them after a defined period.
- Security & Encryption: Supports encryption (SSE-S3, SSE-KMS, SSE-C) and IAM policies for access control.
- Data Transfer Acceleration: Speeds up uploads using Amazon CloudFront's global network.
- Event Notifications: Triggers AWS Lambda, SNS, or SQS on object events like uploads or deletions.
112
Reference answer
I $#@%^& love/hate tool XXX. It's a good sign if candidates have strong opinions about which tool chains they prefer. Someone who has learned to love or hate a CI or CD tool has actually walked the walk down the DevOps path.
113
Reference answer
AWS handles security of the cloud (hardware, network, etc.), while customers manage security in the cloud (data, access control, etc.).
114
Reference answer
Start by reviewing AWS Cost Explorer or CloudZero to identify which EC2 instances or accounts are driving the cost spikes. Check for untagged or mistagged resources, unused running instances, or unoptimized instance types. Look at Auto Scaling Group activity and Spot instance usage. From there, consider right-sizing and switching to Reserved Instances or Savings Plans. Better still, consider replacing EC2 with containerized or serverless alternatives.
115
Reference answer
Deploy across multiple availability zones, use Elastic Load Balancing, Auto Scaling, and design fault-tolerant architectures.
116
Reference answer
Cloud-based big data services provide managed Hadoop clusters and other data processing frameworks on cloud platforms, offering scalability, ease of use, and integration with other cloud services. Hadoop requires cluster setup and maintenance, while cloud services abstract much of this complexity.
117
Reference answer
The Lambda might not have an event source mapping to the SQS queue, or its IAM role lacks permission to read from the queue. I'd check both.
118
Reference answer
Lambda is utilized for tasks like data processing, automation, and creating event-driven applications. It automatically scales and manages resources.
119
Reference answer
Classic Load Balancer.
120
Reference answer
AWS Inspector is a service that helps you to identify and remediate security vulnerabilities in your AWS resources. Inspector scans your resources for vulnerabilities and provides you with a report of the findings. Inspector can enhance security by helping you to identify and remediate security vulnerabilities before they can be exploited by attackers. Inspector can also help you to improve your security posture by providing you with recommendations for how to remediate vulnerabilities.
121
Reference answer
Tags are key-value pairs that allow users to organize and manage AWS resources effectively. They help with resource management, cost tracking, and access control across AWS services. Key features of tags include:
- Identification: Tags can be used to identify resources based on projects, teams, environments (e.g., development, testing, production), or any other criteria that suits organizational needs.
- Cost Allocation: Tags can be used for cost tracking, enabling organizations to allocate costs based on specific tags for billing purposes. AWS provides cost allocation reports that can break down costs by tags.
- Access Control: IAM policies can use tags to enforce permissions, allowing or denying access to resources based on specific tags associated with those resources.
- Automation: Tags can be used with AWS services like AWS Lambda and CloudFormation to automate resource management tasks based on tag values.
By using tags effectively, organizations can enhance resource management, improve visibility, and facilitate better billing practices.
122
Reference answer
Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, and performance. It's commonly used for backup, archiving, and serving static content.
123
Reference answer
I would construct the application to leverage Amazon Elastic Compute Cloud (EC2) instances in an Auto Scaling group to handle abrupt traffic spikes. I'd set up the Auto Scaling group to scale out based on measures like CPU consumption or network traffic. In addition, I would use Amazon CloudFront, a content delivery network (CDN), to cache and provide static content, which would reduce the burden on the application servers. As a result, the application can scale horizontally and efficiently manage additional traffic.
124
Reference answer
Yes. Amazon CloudFront supports custom origins, which may include origins outside of AWS.
125
Reference answer
Elastic Transcoder is an AWS service that changes a video's format and resolution to support various devices, such as tablets, smartphones, and laptops with different resolutions.
126
Reference answer
Caching improves API performance by storing responses. It reduces backend load and latency by delivering cached responses for repeated requests instead of invoking the backend service.
127
Reference answer
There are different options for submitting requests to Amazon S3:
- Use REST APIs.
- Use AWS SDK Wrapper Libraries.
128
Reference answer
Amazon Kinesis Data Streams is a real-time data streaming service that allows you to ingest and process streaming data from a variety of sources, such as web applications, sensors, and social media feeds. Kinesis Data Streams provides a durable and scalable platform for processing streaming data in real time. Amazon Kinesis Data Analytics is a fully managed service that makes it easy to process and analyze streaming data. Kinesis Data Analytics provides a number of SQL- and Java-based APIs that can be used to process and analyze streaming data.
129
Reference answer
- Standard: High durability, frequent access.
- IA (Infrequent Access): Cheaper, for less-accessed data.
- Glacier: Long-term, archival storage.
- One-Zone-IA: Lower durability, cost-effective.
130
Reference answer
AWS PrivateLink works with service endpoints to provide a private and secure way to connect your VPC to AWS services. Service endpoints are dedicated network interfaces that allow you to connect to AWS services without using the public internet. When you create a service endpoint, you can choose to enable PrivateLink. If you enable PrivateLink, AWS will create a private connection between your VPC and the AWS service. This connection is isolated from the public internet and is only accessible to resources in your VPC.
131
Reference answer
A cloud virtual private network (VPN) is a secure tunnel between your on-premises network and the cloud. It allows you to access your cloud resources as if they were located on your on-premises network. Cloud VPNs are typically used to connect on-premises networks to public clouds. However, they can also be used to connect on-premises networks to private clouds and hybrid clouds. Cloud VPNs can be used to improve the security of your cloud resources by encrypting traffic between your on-premises network and the cloud. They can also be used to improve the performance of your cloud resources by reducing latency.
132
Reference answer
Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud. It is designed for developers to have full control over computing resources in a highly available and cost-effective manner.
- Virtual Computing Environment: EC2 enables users to set up virtual machines, known as instances, for running their applications. These instances function like real computers and are hosted in the cloud.
- Variety of Instance Types: EC2 offers diverse instance families optimized for various workloads, such as general-purpose computing, memory or CPU-intensive tasks, storage-optimized applications, and more.
- Purchasing Options: Users can select from on-demand instances (pay-as-you-go), spot instances (bid for unused capacity at potentially lower costs), and reserved instances (long-term contracts for reduced pricing).
- Integrated Security: Security Group and Virtual Private Cloud (VPC) mechanisms help in controlling network access to instances, and Key Pairs facilitate secure instance logins.
- Scalability and Elasticity: EC2 supports auto-scaling to adjust instance capacity based on demand, and Elastic Load Balancing to distribute traffic across multiple instances.
- Custom AMIs: Users can create customized Amazon Machine Images (AMIs) to encapsulate specific software configurations and resources.
- Flexible Storage Options: Amazon EC2 provides various types of storage volumes, including Amazon EBS for persistent block storage and Amazon S3 for object storage.
- Network Performance Monitoring: Users can monitor the network performance of their instances with tools like Elastic Network Adapters (ENAs) and Enhanced Networking.
- Integrated Ecosystem: AWS Management Console, AWS Command Line Interface (CLI), and Software Development Kits (SDKs) streamline EC2 instance management.
- Resource Tagging: Tags help in managing and organizing resources by providing metadata for instances.
133
Reference answer
AWS Systems Manager provides visibility and control of your infrastructure on AWS. It offers operational insights and enables automation of common tasks.
134
Reference answer
Files in S3 can be encrypted using server-side encryption with Amazon S3 managed keys (SSE-S3), server-side encryption with AWS KMS keys (SSE-KMS), dual-layer server-side encryption (DSSE-KMS), server-side encryption with customer-provided keys (SSE-C), and client-side encryption where you manage the keys and encryption process.
135
Reference answer
Amazon Bedrock is a fully managed service that provides access to foundation models from providers like Anthropic, Meta, Mistral, and others, including Amazon's own Nova and Titan models. You'd use Bedrock when you want to build generative AI applications without managing model infrastructure or fine-tuning pipelines. Common use cases include retrieval-augmented generation (RAG) applications using Bedrock Knowledge Bases, building AI agents with Bedrock Agents, and customizing models with your own data through fine-tuning or continued pretraining.
136
Reference answer
Amazon Simple Storage Service (S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. S3 is designed to store and retrieve any amount of data from anywhere on the web, making it a popular choice for backup, archiving, big data analytics, and static website hosting. Key features of S3 include:
- Durability and availability: S3 is designed for 99.999999999% (11 nines) durability, ensuring data is reliably stored and accessible.
- Scalability: S3 can handle virtually unlimited amounts of data, making it suitable for applications that experience variable workloads.
- Security: S3 provides multiple layers of security, including bucket policies, IAM roles, and server-side encryption.
- Data Management: S3 offers features like versioning, lifecycle policies, and event notifications, allowing users to manage their data effectively.
- Cost-effective storage classes: S3 provides different storage classes to optimize costs based on access patterns, including Standard, Intelligent-Tiering, One Zone-IA, and Glacier for archival storage.
S3's combination of flexibility, performance, and cost-effectiveness makes it a fundamental service for modern cloud architectures.
137
Reference answer
AWS Fargate is a serverless compute engine for containers that allows you to run containers without having to manage the underlying infrastructure.
138
Reference answer
Amazon RDS simplifies database setup and scaling for Java applications. It supports automated backups, multi-AZ deployments, and performance tuning for databases like MySQL, PostgreSQL, and Oracle.
139
Reference answer
A Virtual Private Cloud (VPC) is a private, isolated section of the AWS cloud where you can launch AWS resources. VPCs allow you to control your network's IP address range, subnet configuration, and route tables. For Cloud Engineers, configuring VPCs is a foundational skill. VPCs allow you to define public and private subnets, configure security groups, and set up NAT gateways for internet access from private subnets. The ability to design and manage VPCs is critical for ensuring secure and isolated network architectures for AWS-based applications.
140
Reference answer
Start with zero permissions and add only what's needed. I create specific IAM roles per function rather than broad permissions. Use IAM conditions to add restrictions - like requiring MFA for sensitive operations or limiting actions to business hours. I use IAM Access Analyzer to find overly permissive policies and review CloudTrail logs to see which permissions are actually used. For temporary elevated access, implement just-in-time access that auto-revokes after a time period. Service Control Policies in AWS Organizations enforce boundaries across all accounts - even if someone has full IAM permissions, SCPs can block dangerous actions.
141
Reference answer
Cloud storage solutions provide scalable and cost-effective storage options for data, such as object storage (Amazon S3), block storage (Amazon EBS), and file storage (Amazon EFS). These solutions typically provide scalable storage capacity and can be accessed remotely over the internet, making storing and retrieving data from anywhere in the world easy. Additionally, cloud storage solutions often offer features such as data redundancy, data encryption, and data backup and recovery, which help ensure stored data's security and availability.
142
Reference answer
A container is a lightweight, standalone, executable package of software that includes everything needed to run it.
143
Reference answer
DevOps is a set of practices that integrates software development (Dev) and IT operations (Ops) to shorten the development lifecycle and deliver features, fixes, and updates frequently in close alignment with business objectives.
144
Reference answer
Database Migration Service.
145
Reference answer
Hybrid cloud architecture combines public cloud, private cloud, and on-premises resources, allowing organizations to move workloads between environments for greater flexibility, scalability, and compliance.
146
Reference answer
AWS CodeGuru is a service that helps you to improve the quality of your code. CodeGuru uses machine learning to analyze your code and identify potential problems, such as security vulnerabilities, performance bottlenecks, and bugs. AWS CodeGuru provides a number of features to help you improve the quality of your code, including:
- Code reviews: CodeGuru automatically reviews your code and identifies potential problems.
- Recommendations: CodeGuru provides recommendations on how to fix potential problems in your code.
- Insights: CodeGuru provides insights into your code quality, such as the number of bugs and security vulnerabilities in your code.
147
Reference answer
Amazon CloudWatch is a monitoring and observability service designed to track various metrics, set alarms, and automatically respond to changes in AWS resources. It helps improve visibility into application performance, system health, and operational issues. The main components are:
- Metrics: CloudWatch collects data points that provide insights into resource utilization, application performance, and operational health.
- Alarms: Alarms notify users or trigger automated actions based on specific metric thresholds.
- Logs: CloudWatch Logs provides centralized storage for application and infrastructure logs for troubleshooting and identifying issues.
- Events: CloudWatch Events (or Amazon EventBridge) detects changes in AWS resources and can trigger predefined actions.
148
Reference answer
CloudWatch Alarms watch a metric over time and perform an action based on predefined thresholds, such as sending notifications or scaling EC2 instances.
149
Reference answer
Building a highly available and fault-tolerant architecture on AWS involves several strategies:
- Implementing redundancy across system components to eliminate single points of failure
- Using load balancing to distribute traffic evenly and ensure optimal performance
- Setting up automated monitoring for real-time failure detection and response
- Designing systems for scalability to handle varying loads with a distributed architecture
- Employing fault isolation, regular backups, and disaster recovery plans
- Designing for graceful degradation maintains functionality during outages
- Continuous testing and deployment practices improve system reliability
150
Reference answer
Common-language domain names are much easier to remember and communicate, which is why you may sometimes prefer to use them instead of Internet Protocol addresses.
151
Reference answer
As an AWS Cloud Practitioner, I would understand the basics of S3, its use cases, and pricing models. I would also be aware of its security features and best practices.
152
Reference answer
The stateful firewall in AWS Network Firewall protects against unauthorized access to your Virtual Private Cloud (VPC) by monitoring connections and identifying protocols. The service's intrusion prevention program uses active flow inspection to detect and rectify security loopholes using signature-based detection. This AWS service employs web filtering to block known malicious URLs.
153
Reference answer
- HVM (Hardware Virtual Machine)
- PV (Paravirtualization)
154
Reference answer
There are plenty of internet layers and web servers available all across the world, which together become the communication path of the internet. Sharing could not have become much faster without the innovation of the internet. Circuit switching is a term which the internet uses for working in your current environment. Packet switching is another internet tool which makes it much simpler for the internet to exchange or share information. Packet switching simply refers to dividing each internet server into multiple internet servers. The computer doesn't need any physical way. The supporting devices of the internet would be enough to provide better and more reliable sharing of the internet among plenty of computers.
155
Reference answer
Platform as a Service (PaaS) is a cloud computing model that provides a platform allowing customers to develop, run, and manage applications without dealing with infrastructure management. AWS Elastic Beanstalk is an example of a PaaS offering.
156
Reference answer
An Availability Zone (AZ) is a physically separate data center in a region, with independent power, networking, and cooling. AWS regions contain multiple AZs to support fault-tolerant and high-availability architectures.
157
Reference answer
To launch an EC2 instance:
- Open the Amazon EC2 console.
- Click “Launch Instance.”
- Choose an Amazon Machine Image (AMI).
- Select an instance type based on your requirements.
- Configure instance details, such as the number of instances and network settings.
- Add storage by specifying the size and type of the volume.
- Configure security groups to control inbound and outbound traffic.
- Review and launch the instance.
- Create or select an existing key pair for SSH access.
158
Reference answer
IAM policies are JSON documents that define permissions. They can be attached to users, groups, or roles to grant or deny actions on resources.
159
Reference answer
AWS Elastic Container Service (ECS) is a managed container orchestration service that makes it easy to run Docker containers on AWS. ECS provides a number of features that make it easy to manage your containers, such as task scheduling, load balancing, and health checks. Kubernetes is an open-source container orchestration platform that automates many of the manual processes involved in managing containers. Kubernetes provides a number of features that make it easy to deploy, manage, and scale containerized applications.
160
Reference answer
Amazon Glacier is a low-cost, long-term storage service designed for data archiving and backups. While it offers lower storage costs compared to S3, retrieval times can take several hours, making it best suited for infrequently accessed data. You can use Glacier to store large volumes of data backups, logs, and other archival data that don't require immediate access but need to be preserved securely over time.
161
Reference answer
The key IT topics covered include:

1. Linux Operating System fundamentals
2. How to monitor and troubleshoot on live Linux servers
3. AWS Cloud Fundamental Interview questions
4. AWS Core Services - AWS Global Infrastructure, IAM, IAM Policy and Roles, Security fundamentals, EC2, EBS, AMI, Application Load Balancer, Security Groups, VPC, Internet Gateway, CloudTrail, CloudWatch, Simple Storage Service, S3, versioning with S3, various Storage Classes in S3, S3 Bucket Policy, RDS, Elastic Beanstalk, Amazon Lambda, DynamoDB, CloudFormation, AWS Pricing Calculator
5. Basic Networking fundamentals for better troubleshooting by using curl, dig, nc, nslookup, ps commands
6. How to troubleshoot live AWS Cloud Infrastructure running with various services
7. How to do monitoring of live Cloud infrastructure
162
Reference answer
- CloudWatch: Metrics, alarms, and dashboards
- CloudTrail: Track API calls for auditing
- AWS Config: Monitor configuration compliance
- Trusted Advisor: Best practices and cost optimization suggestions
163
Reference answer
Cloud-based databases are databases that are hosted and managed by a cloud provider. They offer a number of advantages over on-premises databases, such as:

- Scalability: Cloud-based databases are highly scalable, so you can easily scale them up or down to meet your changing needs.
- Reliability: Cloud-based databases are highly reliable, and cloud providers offer a variety of services to ensure the reliability of your databases.
- Security: Cloud-based databases are secure, and cloud providers offer a variety of security services to protect your data.
164
Reference answer
A data lake is a centralized repository that allows you to store all your structured and unstructured data at any scale.
165
Reference answer
Amazon RDS automates administrative tasks like backups, patching, and scaling. It allows users to focus on application development instead of managing databases.
166
Reference answer
AWS availability zones must be traversed to access the resources that AWS has to offer. Applications will be designed effectively for fault tolerance. Availability Zones have low latency communications with one another to efficiently support fault tolerance.
167
Reference answer
Amazon EC2 (Elastic Compute Cloud) is a web service that provides resizable, on-demand compute capacity in the cloud, allowing users to run virtual servers (instances) for various workloads with flexible scaling and pricing options.
168
Reference answer
AWS CloudTrail logs API calls made in your account, providing visibility into user activity and changes to resources, which helps in auditing and compliance.
169
Reference answer
AWS Lambda is a serverless computing service that allows users to run code in response to events without provisioning or managing servers. With Lambda, users can execute code in various programming languages, including Python, Java, JavaScript, and C#, among others. Key components of how AWS Lambda works include:

- Event-driven architecture: Lambda functions can be triggered by events from various AWS services, such as S3 (when a file is uploaded), DynamoDB (on table updates), or API Gateway (for HTTP requests).
- Execution: When an event triggers a Lambda function, AWS automatically provisions the necessary computing resources, executes the function code, and scales as needed based on the number of incoming requests.
- Stateless: Each Lambda function execution is stateless, meaning it does not retain any data between executions. However, you can use external storage (like S3 or DynamoDB) for stateful operations.
- Automatic scaling: Lambda automatically scales the number of concurrent executions based on incoming requests, making it ideal for applications with variable workloads.
- Cost model: Users are billed based on the number of requests and the execution duration of the function, allowing for cost-effective usage without upfront infrastructure investments.

AWS Lambda is commonly used for building microservices, data processing, and automating workflows.
170
Reference answer
AWS stands out due to its extensive service portfolio (over 200 services), global infrastructure, scalability, strong ecosystem and integrations, and robust security and compliance features.
171
Reference answer
An instance is a running virtual server in the AWS cloud, while an Amazon Machine Image (AMI) is a pre-configured template used to create instances. You can think of an AMI as a snapshot of an EC2 instance, including the operating system, application software, and any additional configurations.
172
Reference answer
Amazon Relational Database Service (RDS) is a managed database service that allows users to set up, operate, and scale databases without worrying about infrastructure management tasks like backups, patches, and scaling. Unlike traditional databases, Amazon RDS is scalable and highly available out of the box, supports automated backups, and allows read replicas and multi-AZ deployments for failover and redundancy. Key differences include: scalability (RDS easily scales vertically or horizontally vs traditional databases requiring hardware upgrades), availability (RDS supports Multi-AZ deployments vs complex configuration), maintenance (managed by AWS vs manually managed), backup and recovery (automated backups and snapshots vs manual backup processes), and cost (pay-as-you-go pricing vs fixed costs with higher upfront investment).
173
Reference answer
A cloud architecture is a design that describes how cloud computing components will be deployed and managed. It includes the following components:

- Compute: This component provides the processing power needed to run applications. It can be delivered as virtual machines (VMs), containers, or serverless functions.
- Storage: This component provides the space to store data and applications. It can be delivered as block storage, object storage, or file storage.
- Networking: This component provides the connectivity between the different components of a cloud architecture. It can be delivered as virtual private networks (VPNs), load balancers, and firewalls.
- Management: This component provides the tools and services needed to manage cloud resources. It can include billing, monitoring, and orchestration tools.
174
Reference answer
- Frontend: Amazon S3 (static site hosting) + CloudFront (CDN).
- Backend: AWS Lambda (serverless logic) + API Gateway.
- Database: Amazon DynamoDB or RDS for transactions.
- Authentication: Amazon Cognito.
- Payments: AWS Marketplace or third-party APIs.
- Monitoring: CloudWatch & AWS X-Ray.
175
Reference answer
In Lambda, you can find some of the best alternatives for security. When it comes to limiting access to resources, you can use Identity Access and Management. Another option that extends permissions is a privilege. Access might be restricted to unreliable or unauthorized hosts. The security group's regulations can be reviewed over time to maintain the pace.
176
Reference answer
A hot backup is taken while the database is running and can be done using tools like RMAN to create a consistent backup copy. A cold backup is taken while the database is shut down, ensuring data consistency but causing downtime during the backup process.
177
Reference answer
Virtualization is the creation of virtual versions of physical resources like servers, storage devices, and networks.
178
Reference answer
Elastic this, elastic that…. Elasticity is one of the most important advantages that cloud computing brings to the table. Elasticity is all about matching capacity to demand as closely as possible. Not all elements in an architecture can be elastic, but your architect should recognize the importance of elasticity and strive to take advantage of it at every opportunity.
179
Reference answer
Normalization is the process of organizing data in a database to eliminate redundancy and improve data integrity. It helps reduce data anomalies and ensures efficient storage and retrieval of data.
180
Reference answer
Cloud access control policies define who has access to cloud resources and what they can do with those resources. Cloud access control policies are important for cloud security because they can help to protect cloud resources from unauthorized access and use. Cloud access control policies typically include the following components:

- Authentication: Authentication is the process of verifying that a user is who they say they are.
- Authorization: Authorization is the process of determining what a user is allowed to do with cloud resources.
- Auditing: Auditing is the process of tracking user activity in the cloud.
181
Reference answer
An AWS Region is a separate geographic area, often a specific city or part of a country, with multiple, distinct data centers. Each Region is designed to be largely self-contained and is connected to other Regions through high-speed, secure networks. An AWS Availability Zone (AZ) is a distinct, separate building or data center within a Region. These AZs are interconnected with high-bandwidth, low-latency networking, enabling redundancy and fault tolerance.

- Isolation: Each AWS Region is completely isolated from other Regions in terms of its infrastructure, and is designed to be a standalone unit.
- Number of AZs: Most AWS Regions are composed of at least three AZs, although some may have more. The use of three or more AZs is aimed at providing a comprehensive high-availability solution.
- Distance: The AZs within a Region are located in close geographical proximity to each other, typically within 100 miles to ensure low latency.
- High Availability: Deploying resources across multiple AZs within the same Region ensures redundancy and high availability.
- Fault Tolerance: AZs are designed to be isolated from one another in terms of most failure scenarios, providing a level of fault tolerance that can safeguard against localized outages.
- Latency: When designing multi-Region architectures, latency due to geographic distances between Regions must be taken into account.
- Data Replication: Multi-Region setups often require robust data replication strategies to ensure data consistency and integrity.
182
Reference answer
AWS Lambda is a serverless computing service. It allows you to run code in response to events without provisioning or managing servers.
183
Reference answer
Amazon RDS offers security features like Virtual Private Cloud (VPC) integration, encryption at rest and in transit, IAM database authentication, and database parameter groups to configure security settings. Access control is managed through security groups and network ACLs.
184
Reference answer
Deploying applications using AWS CloudFormation involves creating and managing stacks of AWS resources as code. Here are best practices to consider:

- Use Version Control: Store CloudFormation templates in a version control system (e.g., Git) to track changes and facilitate collaboration among team members.
- Parameterization: Utilize parameters in templates to make them flexible and reusable. This allows for customizing stack behavior without modifying the template.
- Modular Templates: Break down large templates into smaller, modular ones using nested stacks. This improves maintainability and makes it easier to manage changes.
- Use IAM Roles: Create specific IAM roles with least privilege permissions for CloudFormation stacks, enhancing security by limiting access to only what is necessary.
- Resource Dependencies: Explicitly define resource dependencies to ensure that resources are created in the correct order, preventing race conditions during deployment.
- Change Sets: Before making updates to stacks, use Change Sets to preview changes. This helps understand the impact of changes before applying them.
- Testing: Test templates in a development or staging environment before deploying them to production. This minimizes the risk of errors affecting production resources.
- Logging and Monitoring: Enable CloudFormation stack logging and monitor stack events to track the deployment process and quickly identify issues.

Following these best practices helps ensure reliable, scalable, and maintainable deployments using AWS CloudFormation.
185
Reference answer
Improve by automating tests and deployments, enforcing code reviews, making frequent small merges, isolating environments, and securing production access. Monitor pipeline health and resolve issues promptly.
186
Reference answer
Cloud storage security and access control is important to protect your data from unauthorized access, use, disclosure, disruption, modification, or destruction. Here are some tips for handling cloud storage security and access control:

- Use encryption: Encrypt your data at rest and in transit to protect it from unauthorized access.
- Implement access control: Use access control lists (ACLs) or role-based access control (RBAC) to control who has access to your data and what they can do with it.
- Enable auditing: Enable auditing to track who accesses your data and what actions they take.
- Monitor your cloud storage: Monitor your cloud storage for suspicious activity.
187
Reference answer
AWS Organizations is a service that helps you to manage multiple AWS accounts in a single place. Organizations provides a centralized way to create, manage, and audit AWS accounts. AWS Organizations can be used by a variety of users, including:

- Enterprise IT administrators: Organizations can help enterprise IT administrators to manage multiple AWS accounts in a centralized and efficient way.
- Managed service providers (MSPs): Organizations can help MSPs to manage their customers' AWS accounts in a centralized and efficient way.
- Non-profit organizations: Organizations can help non-profit organizations to manage their AWS accounts in a centralized and efficient way.
188
Reference answer
A region is a geographic area containing multiple, isolated locations called Availability Zones (AZs). Each AZ consists of one or more data centers, and resources in different AZs are isolated to increase fault tolerance and availability.
189
Reference answer
A core node comprises software components that execute operations and store data in a Hadoop Distributed File System or HDFS. There is always one core node in multi-node clusters. Software elements that exclusively execute tasks are found in task nodes. Additionally, it is optional and doesn't properly store data in HDFS.
190
Reference answer
You can use Amazon CloudWatch for monitoring RDS instances. CloudWatch provides metrics and alarms to track performance, and you can also enable Enhanced Monitoring for detailed insights. Database-specific performance insights are available for MySQL and PostgreSQL.
191
Reference answer
Conducting a cost analysis for AWS services involves several steps to understand and optimize cloud spending:

- AWS Cost Explorer: Use AWS Cost Explorer to visualize and analyze costs over time. It provides detailed insights into spending patterns, service usage, and trends.
- Detailed Billing Reports: Enable detailed billing reports to gain visibility into costs associated with specific services, accounts, or tags. This helps identify which services are driving costs.
- Tagging Resources: Implement a resource tagging strategy to categorize and track costs associated with specific projects, environments, or teams. This enables more granular cost analysis.
- Budgeting and Alerts: Set budgets and configure alerts to monitor spending against predefined thresholds. This helps prevent unexpected charges and ensures financial accountability.
- Analyze Reserved Instances and Savings Plans: Evaluate the use of Reserved Instances and AWS Savings Plans to identify potential savings for predictable workloads. Compare costs of on-demand vs. reserved pricing.
- Cost Optimization Recommendations: Use AWS Trusted Advisor and the AWS Well-Architected Tool to receive recommendations for optimizing costs, such as identifying underutilized resources or suggesting appropriate instance types.
- Forecasting: Analyze historical spending patterns to forecast future costs based on expected usage trends, allowing for better budgeting and resource planning.

By following these steps, organizations can conduct comprehensive cost analyses to better understand and manage their AWS expenditures.
192
Reference answer
Architecting for resilience in AWS involves designing systems that can withstand failures and maintain operational continuity. Key strategies include:

- Multi-AZ Deployments: Use multi-AZ (Availability Zone) deployments for critical services like Amazon RDS and EC2 to ensure high availability and automatic failover in case of an AZ failure.
- Load Balancing: Implement load balancers (e.g., ELB) to distribute traffic across multiple instances. This ensures that if one instance fails, traffic is rerouted to healthy instances.
- Auto Scaling: Use Auto Scaling groups to automatically adjust the number of running instances based on demand. This ensures that your application can handle sudden spikes in traffic while also scaling down during low traffic periods.
- Data Replication: Implement data replication across regions or AZs using services like Amazon S3 Cross-Region Replication, Amazon RDS Read Replicas, or Amazon DynamoDB global tables.
- Backup and Recovery: Regularly back up data using AWS Backup, and implement disaster recovery plans that include strategies for restoring applications and data in the event of a failure.
- Monitoring and Alerting: Use Amazon CloudWatch to monitor application performance and set up alerts for anomalies. This proactive approach allows for quick responses to potential issues.
- Testing and Failover Procedures: Regularly test failover procedures and disaster recovery plans to ensure they work as expected. Simulating failure scenarios helps identify potential weaknesses in the architecture.

By implementing these strategies, organizations can create resilient architectures that minimize downtime and maintain operational integrity during failures.
193
Reference answer
The AWS Well-Architected Framework is built around six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. These pillars guide best practices for designing and running workloads in the cloud.
194
Reference answer
- Public Subnet: A subnet that is associated with a route table that has a route to an internet gateway. Resources in a public subnet can communicate with the internet.
- Private Subnet: A subnet that does not have a route to an internet gateway. Resources in a private subnet cannot communicate directly with the internet.
195
Reference answer
Cloud resources can be monitored and managed using various tools and approaches, including cloud-native monitoring services, log analysis, and custom scripts. Automated remediation processes such as auto-scaling can be used to resolve any concerns. Several vendors offer a wide range of monitoring services to optimize the health and performance of your cloud assets and resources. You can use these different tools to ensure optimum cloud strategy and performance.
196
Reference answer
A cloud application programming interface (API) is a set of rules that define how applications can interact with each other. Cloud APIs are used to develop cloud-based applications and to integrate cloud-based applications with on-premises applications.
197
Reference answer
- AWS Direct Connect: Dedicated on-prem to AWS connection.
- AWS Outposts: Run AWS services on-premises.
- VPN Connections: Secure site-to-site tunnels.
198
Reference answer
AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services. You simply upload your code, and the service handles the deployment.
199
Reference answer
AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS services and resources. IAM allows you to manage users, groups, and roles with fine-grained permissions. It's important because it helps enforce the principle of least privilege, ensuring users only have access to the resources they need, thereby enhancing security and compliance.
200
Reference answer
AWS CloudFormation provides a way to model and set up your AWS resources using a template file. It allows you to define the infrastructure as code, which helps automate the deployment and management of AWS resources.