SAA C03 Study Test Questions with 100% Correct
Verified Solutions
Security Groups - ✔✔• Security Groups are the fundamental of network security in AWS
• They control how traffic is allowed into or out of our EC2 Instances.
• Security groups only contain rules
• Security groups rules can reference by IP or by security group
• They regulate:
• Access to Ports
• Authorised IP ranges - IPv4 and IPv6
• Control of inbound network (from other to the instance)
• Control of outbound network (from the instance to other)
-Stateful
Security Groups Good to know - ✔✔-Can be attached to multiple instances
-Locked down to a region / VPC combination
-Does live "outside" the EC2 - if traffic is blocked the EC2 instance won't see it
-It's good to maintain one separate security group for SSH access
-If your application is not accessible (time out), then it's a security group issue
-If your application gives a "connection refused" error, then it's an application error or it's not
launched
-All inbound traffic is blocked by default
-All outbound traffic is authorised by default
Classic Ports to know - ✔✔• 22 = SSH (Secure Shell) - log into a Linux instance
• 21 = FTP (File Transfer Protocol) - upload files into a file share
,• 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH
• 80 = HTTP - access unsecured websites
• 443 = HTTPS - access secured websites
• 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance
EC2 Instance Connect - ✔✔• Connect to your EC2 instance within your browser
• No need to use your key file that was downloaded
• The "magic" is that a temporary key is uploaded onto EC2 by AWS
• Works only out-of-the-box with Amazon Linux 2
• Need to make sure the port 22 is still opened!
EC2 Instances Purchasing Options - ✔✔• On-Demand Instances - short workload, predictable
pricing, pay by second
• Reserved (1 & 3 years)
-Reserved Instances - long workloads
-Convertible Reserved Instances - long workloads with flexible instances
• Savings Plans (1 & 3 years) -commitment to an amount of usage, long workload
• Spot Instances - short workloads, cheap, can lose instances (less reliable)• Dedicated Hosts -
book an entire physical server, control instance placement
• Dedicated Instances - no other customers will share your hardware
• Capacity Reservations - reserve capacity in a specific AZ for any duration
EC2 On Demand - ✔✔Pay for what you use:
• Linux or Windows - billing per second, after the first minute
• All other operating systems - billing per hour
Has the highest cost but no upfront payment
No long-term commitment
,Recommended for short-term and un-interrupted workloads, where you can't predict how the
application will behave
EC2 Reserved Instances - ✔✔• Up to 72% discount compared to On-demand
• You reserve a specific instance attributes (Instance Type, Region,Tenancy, OS)
• Reservation Period - 1 year (+discount) or 3 years (+++discount)
• Payment Options - No Upfront (+), Partial Upfront (++), All Upfront (+++)
• Reserved Instance's Scope - Regional or Zonal (reserve capacity in an AZ)
• Recommended for steady-state usage applications (think database)
• You can buy and sell in the Reserved Instance Marketplace
• Convertible Reserved Instance
• Can change the EC2 instance type, instance family, OS, scope and tenancy
• Up to 66% discount
EC2 Savings Plans - ✔✔• Get a discount based on long-term usage (up to 72% - same as RIs)
• Commit to a certain type of usage ($10/hour for 1 or 3 years)
• Usage beyond EC2 Savings Plans is billed at the On-Demand price
• Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
• Flexible across:
• Instance Size (e.g., m5.xlarge, m5.2xlarge)
• OS (e.g., Linux, Windows)
• Tenancy (Host, Dedicated, Default)
EC2 Spot Instances - ✔✔Can get a discount of up to 90% compared to On-demand
Instances that you can "lose" at any point of time if your max price is less than the current spot
price
The MOST cost-efficient instances in AWS
Useful for workloads that are resilient to failure
, Not suitable for critical jobs or databases
EC2 Dedicated Hosts - ✔✔A physical server with EC2 instance capacity fully dedicated to
your use
Allows you address compliance requirements and use your existing server- bound software
licenses (per-socket, per-core, pe—VM software licenses)
Purchasing Options:
• On-demand - pay per second for active Dedicated Host
• Reserved - 1 or 3 years (No Upfront,Partial Upfront,All Upfront)
The most expensive option
Useful for software that have complicated licensing model (BYOL - Bring Your Own License)
Or for companies that have strong regulatory or compliance needs
EC2 Dedicated Instances - ✔✔Instances run on hardware that's dedicated to you
May share hardware with other instances in same account
No control over instance placement (can move hardware after Stop / Start)
EC2 Capacity Reservations - ✔✔Reserve On-Demand instances capacity in a specific AZ for
any duration
You always have access to EC2 capacity when you need it
No time commitment (create/cancel anytime), no billing discounts
Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts
You're charged at On-Demand rate whether you run instances or not
Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ
How to terminate Spot Instances? - ✔✔You can only cancel Spot Instance requests that are
open, active, or disabled.
Cancelling a Spot Request does not terminate instances
Verified Solutions
Security Groups - ✔✔• Security Groups are the fundamental of network security in AWS
• They control how traffic is allowed into or out of our EC2 Instances.
• Security groups only contain rules
• Security groups rules can reference by IP or by security group
• They regulate:
• Access to Ports
• Authorised IP ranges - IPv4 and IPv6
• Control of inbound network (from other to the instance)
• Control of outbound network (from the instance to other)
-Stateful
Security Groups Good to know - ✔✔-Can be attached to multiple instances
-Locked down to a region / VPC combination
-Does live "outside" the EC2 - if traffic is blocked the EC2 instance won't see it
-It's good to maintain one separate security group for SSH access
-If your application is not accessible (time out), then it's a security group issue
-If your application gives a "connection refused" error, then it's an application error or it's not
launched
-All inbound traffic is blocked by default
-All outbound traffic is authorised by default
Classic Ports to know - ✔✔• 22 = SSH (Secure Shell) - log into a Linux instance
• 21 = FTP (File Transfer Protocol) - upload files into a file share
,• 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH
• 80 = HTTP - access unsecured websites
• 443 = HTTPS - access secured websites
• 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance
EC2 Instance Connect - ✔✔• Connect to your EC2 instance within your browser
• No need to use your key file that was downloaded
• The "magic" is that a temporary key is uploaded onto EC2 by AWS
• Works only out-of-the-box with Amazon Linux 2
• Need to make sure the port 22 is still opened!
EC2 Instances Purchasing Options - ✔✔• On-Demand Instances - short workload, predictable
pricing, pay by second
• Reserved (1 & 3 years)
-Reserved Instances - long workloads
-Convertible Reserved Instances - long workloads with flexible instances
• Savings Plans (1 & 3 years) -commitment to an amount of usage, long workload
• Spot Instances - short workloads, cheap, can lose instances (less reliable)• Dedicated Hosts -
book an entire physical server, control instance placement
• Dedicated Instances - no other customers will share your hardware
• Capacity Reservations - reserve capacity in a specific AZ for any duration
EC2 On Demand - ✔✔Pay for what you use:
• Linux or Windows - billing per second, after the first minute
• All other operating systems - billing per hour
Has the highest cost but no upfront payment
No long-term commitment
,Recommended for short-term and un-interrupted workloads, where you can't predict how the
application will behave
EC2 Reserved Instances - ✔✔• Up to 72% discount compared to On-demand
• You reserve a specific instance attributes (Instance Type, Region,Tenancy, OS)
• Reservation Period - 1 year (+discount) or 3 years (+++discount)
• Payment Options - No Upfront (+), Partial Upfront (++), All Upfront (+++)
• Reserved Instance's Scope - Regional or Zonal (reserve capacity in an AZ)
• Recommended for steady-state usage applications (think database)
• You can buy and sell in the Reserved Instance Marketplace
• Convertible Reserved Instance
• Can change the EC2 instance type, instance family, OS, scope and tenancy
• Up to 66% discount
EC2 Savings Plans - ✔✔• Get a discount based on long-term usage (up to 72% - same as RIs)
• Commit to a certain type of usage ($10/hour for 1 or 3 years)
• Usage beyond EC2 Savings Plans is billed at the On-Demand price
• Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
• Flexible across:
• Instance Size (e.g., m5.xlarge, m5.2xlarge)
• OS (e.g., Linux, Windows)
• Tenancy (Host, Dedicated, Default)
EC2 Spot Instances - ✔✔Can get a discount of up to 90% compared to On-demand
Instances that you can "lose" at any point of time if your max price is less than the current spot
price
The MOST cost-efficient instances in AWS
Useful for workloads that are resilient to failure
, Not suitable for critical jobs or databases
EC2 Dedicated Hosts - ✔✔A physical server with EC2 instance capacity fully dedicated to
your use
Allows you address compliance requirements and use your existing server- bound software
licenses (per-socket, per-core, pe—VM software licenses)
Purchasing Options:
• On-demand - pay per second for active Dedicated Host
• Reserved - 1 or 3 years (No Upfront,Partial Upfront,All Upfront)
The most expensive option
Useful for software that have complicated licensing model (BYOL - Bring Your Own License)
Or for companies that have strong regulatory or compliance needs
EC2 Dedicated Instances - ✔✔Instances run on hardware that's dedicated to you
May share hardware with other instances in same account
No control over instance placement (can move hardware after Stop / Start)
EC2 Capacity Reservations - ✔✔Reserve On-Demand instances capacity in a specific AZ for
any duration
You always have access to EC2 capacity when you need it
No time commitment (create/cancel anytime), no billing discounts
Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts
You're charged at On-Demand rate whether you run instances or not
Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ
How to terminate Spot Instances? - ✔✔You can only cancel Spot Instance requests that are
open, active, or disabled.
Cancelling a Spot Request does not terminate instances
