AWS: CSA Concept

Flashcards by Sarwesh Saurabh, updated more than 1 year ago
Created by Sarwesh Saurabh almost 7 years ago

Resource summary

Question Answer
1: When designing cloud services, which of the following design elements should you NOT consider? When designing cloud architecture, you always want to start by designing for failure, and create self-healing whenever possible. Decoupling your application is also best practice. However, you should always use a MIN of TWO Availability Zones. Only using one Availability Zone does not allow for high availability.
2: What feature should you utilize if auto scaling and load balancing are not available? Setting up an Elastic IP address and having it ready for failover is a great solution when other services that provide high availability and fault tolerance are not available.
3: What service is best for logging all actions taken against the AWS API? CloudTrail is AWS's logging service that can be used to log all actions taken inside your AWS account.
4: True or False: When designing for elasticity and scalability, you always want to scale UP instead of OUT. When designing for elasticity and scalability, you want to strive for scaling out (adding more instances) instead of scaling up (increasing instance sizes). However, you must make sure you start with the proper instance size.
5: In the shared security responsibility model, what item are you NOT responsible for managing? AWS is responsible for everything physical. That includes the security of the physical hardware at their data centers and their network infrastructure. You are responsible for selecting and managing the security for AMI and the OS you install on instances.
6: Perfect Forward Secrecy is used to offer SSL/TLS cipher suites for which two AWS services? CloudFront and ELB
7: What AWS service, if used as part of your application's architecture, has an added benefit of helping to mitigate DDoS attacks from hitting your back-end instances? When CloudFront is used as part of your application's architecture, traffic from a DDoS attack will most likely be redirected to the cached data at an edge location (instead of being routed to your application's EC2 instances).
8: True or False: S3 offers 256-bit encryption for data-at-rest. True. S3 offers 256-bit encryption for data-at-rest, which is an option you can turn on/off. AWS manages the keys and will decrypt the data when you request to download it.
9: What best describes CloudHSM? CloudHSM (which is not a feature specific to AWS) is a dedicated appliance that is used to store security keys.
10: What is it called when you have a minimal version of your production environment running (which can be easily increased in size) as a disaster recovery solution? A pilot light is the practice of having a minimally active version of your environment set up and running in a separate region. If there is catastrophic failure on your primary environment, you can quickly spin up the pilot light environment to become your primary environment.
11: What best describes Recovery Time Objective (RTO)? The Recovery Time Objective (RTO) is the time it takes after a disruption to restore operations back to its regular service level (as defined by a company's operational level agreement).