Exam (elaborations)
2024 AWS SOLUTIONS ARCHITECT TERMS-UDEMY TRAINING EXAM WITH CORRECT ANSWERS
- Course
- Institution
2024 AWS SOLUTIONS ARCHITECT TERMS-UDEMY TRAINING EXAM WITH CORRECT ANSWERS
[Show more]
Content preview
2024 AWS SOLUTIONS ARCHITECTTERMS-UDEMY TRAINING EXAM
WITH CORRECT ANSWERS
IAM Policy - CORRECT-ANSWERSAnatomy of a Policy: Explicit DENY has
precedence over ALLOW
JSON doc with outline of
-Effect
-Action
-Resource
-Conditions
-Policy Variables
VPC Basics-• Security Groups - CORRECT-ANSWERS• Security Groups •
Applied at the instance level, only support for allow rules, no deny rules •
Stateful = return traffic is automatically allowed, regardless of rules • Can
reference other security groups in the same region (peered VPC, cross-
account)
VPC Basics - Flow Logs - CORRECT-ANSWERS• VPC Flows Logs • Log internet
traffic going through your VPC • Can be defined at the VPC level, Subnet
level, or ENI-level • Helpful to capture "denied internet traffic" • Can be sent
to CloudWatch Logs and Amazon S3
VPC Basics • Bastion Hosts - CORRECT-ANSWERS• Bastion Hosts • SSH into
private EC2 instances through a public EC2 instance (bastion host) • You
must manage these instances yourself (failover, recovery) • SSM Session
Manager is a more secure way to remote control without SSH
VPC Basics • IPv6 in short - CORRECT-ANSWERSIPv6 in short • All IPv6
addresses are public, total 3.4×1038 addresses (vs 4.3 billion IPv4) •
Example CIDR: 2600:1f18:80c:a900::/56 • Addresses are "random" and can't
be scanned online (because too many)
• VPC support for IPv6 • Create an IPv6 CIDR for VPC & use an IGW (supports
IPv6)
• Public subnet: • Create an instance with IPv6 support • Create a route
table entry to ::/0 (IPv6 "all") to the IGW
, • Private subnet (instances cannot be reached by IPv6 but can reach IPv6): •
Create an Egress-Only Internet Gateway in the public subnet • Add a route
table entry for the private subnet from ::/0 to the Egress-Only IGW
VPC Peering - CORRECT-ANSWERSYou must update route tables in each
VPC's subnets to ensure instances can communicate
• Connect two VPC, privately using AWS' network
• Make them behave as if they were in the same network
• Must not have overlapping CIDR
• VPC Peering connection is not transitive (must be established for each VPC
that need to communicate with one another)
• You can do VPC peering with another AWS account
VPC Peering - Good to know - CORRECT-ANSWERS• VPC peering can work
inter-region, cross-account
• You can reference a security group of a peered VPC (works cross account)
VPC Endpoints Interface - CORRECT-ANSWERS• Provision an ENI that will
have a private endpoint interface hostname
• Leverage Security Groups for security
• Private DNS (setting when you create the endpoint) • The public hostname
of a service will resolve to the private Endpoint Interface hostname • VPC
Setting: "Enable DNS hostnames" and "Enable DNS Support" must be 'true'
• Interface can be accessed from Direct Connect and Site-to-Site VPN
AWS PrivateLink (VPC Endpoint Services) - CORRECT-ANSWERS• Requires a
network load balancer (Service VPC) and ENI (Customer VPC)
• If the NLB is in multiple AZ, and the ENI in multiple AZ, the solution is fault
tolerant!
• Most secure & scalable way to expose a service to 1000s of VPC (own or
other accounts)
• Does not require VPC peering, internet gateway, NAT, route tables...
Site to Site VPN (AWS Managed VPN) - CORRECT-ANSWERS• on-premises: •
Setup a software or hardware VPN appliance to your on-premises network. •
The on-premises VPN should be accessible using a public IP
• AWS-side: • Setup a Virtual Private Gateway (VGW) and attach to your VPC
• Setup a Customer Gateway to point the on- premises VPN appliance
• Two VPN connections (tunnels) are created for redundancy, encrypted
using IPSec
Can optionally accelerate it using Global Accelerator (for worldwide
networks)
,Direct Connect - CORRECT-ANSWERS• Provides a dedicated private
connection from a remote network to your VPC
Dedicated connection must be setup between your DC and AWS Direct
Connect locations
• More expensive than running a VPN solution
• Private access to AWS services through VIF
• Bypass ISP, reduce network cost, increase bandwidth and stability
• Not redundant by default (must setup a failover DX or VPN)
Direct Connect - Encryption - CORRECT-ANSWERS• Data in transit is not
encrypted but is private
• Good for an extra level of security, but slightly more complex to put in
place
• AWS Direct Connect + VPN provides an IPsec-encrypted private connection
• VPN over Direct Connect connection Uses Public VIF
Direct Connect - Link Aggregation Groups (LAG) - CORRECT-ANSWERSGet
increased speed and failover by summing up existing DX connections into a
logical one
Direct Connect Gateway - CORRECT-ANSWERS• If you want to setup a Direct
Connect to one or more VPC in many different regions (same/cross account),
you must use a Direct Connect Gateway
Alexa for Business - CORRECT-ANSWERS• Use Alexa to help employees be
more productive in meeting rooms and their desk
• Measure and increase the utilization of meeting rooms in their workplace
Amazon Lex: (same technology that powers Alexa) - CORRECT-ANSWERS•
Automatic Speech Recognition (ASR) to convert speech to text
• Natural Language Understanding to recognize the intent of text, callers
• Helps build chatbots, call center bots
Amazon Connect - CORRECT-ANSWERS• Receive calls, create contact flows,
cloud-based virtual contact center
• Can integrate with other CRM systems or AWS
AWS Rekognition - CORRECT-ANSWERS• Find objects, people, text, scenes in
images and videos using ML
• Facial analysis and facial search to do user verification, people counting
• Create a database of "familiar faces" or compare against celebrities
, • Use cases:• Labeling • Content Moderation • Text Detection • Face
Detection and Analysis (gender, age range, emotions...) • Face Search and
Verification • Celebrity Recognition • Pathing (ex: for sports game analysis)
Kinesis Video Streams - CORRECT-ANSWERS• Cannot output the stream data
to S3 (must build custom solution)
One video stream per streaming device (producers) • Security cameras,
body worn camera, smartphone • Can use a Kinesis Video Streams Producer
library
• Underlying data is stored in S3 (but we don't have access to it)
• Consumers: • Consumed by EC2 instances for real time analysis, or in
batch • Can leverage the Kinesis Video Stream Parser Library • Integration
with AWS Rekognition for facial detection
AWS WorkSpaces - CORRECT-ANSWERS• Managed, Secure Cloud Desktop •
Great to eliminate management of on-premises VDI (Virtual Desktop
Infrastructure) • On Demand, pay per by usage • Secure, Encrypted,
Network Isolation • Integrated with Microsoft Active Directory
Amazon AppStream 2.0 - CORRECT-ANSWERS• Desktop Application
Streaming Service
• Deliver to any computer, without acquiring, provisioning infrastructure
• The application is delivered from within a web browser
Amazon AppStream 2.0 vs WorkSpaces - CORRECT-ANSWERSWorkspaces •
Fully managed VDI and desktop available • The users connect to the VDI and
open native or WAM applications • Workspaces are on-demand or always on
AppStream 2.0 • Stream a desktop application to web browsers (no need to
connect to a VDI) • Works with any device (that has a web browser) • Allow
to configure an instance type per application type (CPU, RAM, GPU)`
Amazon Mechanical Turk - CORRECT-ANSWERS• Crowdsourcing marketplace
to perform simple human tasks
• Integrates with SWF natively, does not integrate with Step Functions
• Distributed virtual workforce.
• Example: • You have a list of 10,000 restaurant names in your area and
you want to get the telephone number, opening hours, address, etc... •
Assume the restaurant name is not perfect, therefore Google API cannot help
• You distribute the task on Mechanical Turk and humans will fill your
database
• Other use cases: image classification, data collection, business processing
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $25.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
75759 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now