
-COMPLETE STUDY GUIDE - AWS Certified Solutions Architect - Associate (SAA-C02) Certification 2025/2026 Exam Question and Answers [100% Correct] Latest Release!!

Pages: 66
Grade: A+
Uploaded on: 02-09-2025
Written in: 2025/2026

What type of AWS account is initially created when setting up AWS and has full administrator access?
Root account

When a new IAM account is created in AWS, what permissions does it have by default?
No permissions until granted

When a new IAM user is granted programmatic access, what does AWS assign to them?
An Access Key ID and Secret Access Key

What is the primary use of Access Keys in AWS?
To access AWS services via the CLI and SDK (not for console access)

What happens to AWS Access Keys once they are created?
They are only shown once. If lost, they must be deleted and recreated.

What security feature should always be enabled on the root account in AWS?
Multi-Factor Authentication (MFA)

Who is responsible for enabling MFA on IAM users in AWS?
The user must enable MFA themselves, not an administrator.

What feature in IAM allows you to enforce password complexity and automatic password rotation?
Password policies

In AWS IAM, what are the types of identities that can be created?
Users, Groups, and Roles

What is an IAM user in AWS?
An entity that logs into the AWS console or interacts with AWS resources programmatically

How do IAM Groups in AWS help manage permissions?
They group users who share similar permissions, such as admins or developers.

What does an IAM Role in AWS allow you to do?
Assign permissions to a role and assign that role to a user or group.

What type of document is an IAM Policy, and what does it define?
A JSON document that grants permissions for a specific user, group, or role to access AWS services

What are Managed Policies in IAM, and how are they handled?
Policies provided by AWS that cannot be edited by users

What are Customer Managed Policies in IAM?
Policies created by the customer that can be edited as needed

What are Inline Policies in IAM?
Policies that are directly attached to a specific user, group, or role

What is AWS Kinesis used for?
To collect, process, and analyze streaming data in real-time

What is the purpose of Kinesis Data Streams?
To organize data into shards where each consumer maintains its own data position, with data retention from 24 hours to 168 hours.

How does Kinesis Firehose differ from Kinesis Data Streams?
Kinesis Firehose processes data and sends it directly to services like S3, Redshift, or Elasticsearch without storing it.

What is Kinesis Data Analytics used for?
To perform real-time queries on streaming data, with input and output coming from Kinesis Data Streams or Firehose.

What does Kinesis Video Analytics do?
It ingests and processes video and audio data for machine learning applications like SageMaker and Rekognition.

What is the Kinesis Producer Library (KPL)?
A Java library designed to simplify the process of writing data to Kinesis Data Streams.

What is AWS Lambda?
A serverless computing service that lets you run code without managing servers.

How is AWS Lambda serverless?
You do not need to worry about managing the underlying infrastructure.

What is AWS Lambda best suited for?
Short-running tasks that do not require a customized operating system environment.

Which AWS service should you consider if your tasks need a long runtime or a custom OS environment?
AWS Fargate

Which programming languages does AWS Lambda support?
Ruby, Python, Java, Node.js, C#, PowerShell, and Go

How does AWS Lambda billing work?
You pay per invocation, based on the duration and memory used, rounded up to the nearest 100 milliseconds. The first 1 million requests are free.

What configuration options can you adjust for an AWS Lambda function?
You can adjust the function’s duration timeout (up to 15 minutes) and memory (up to 3008 MB).

What triggers AWS Lambda functions?
Lambda functions can be triggered by AWS services like S3, API Gateway, and DynamoDB, or directly through the SDK.

How does AWS Lambda handle scaling?
Lambda can scale up to 1000 concurrent executions by default, which can be increased upon request.

What is a cold start in AWS Lambda?
It’s the delay that occurs when a Lambda function is invoked after not being executed for a period of time.

What happens during a cold start in AWS Lambda?
The response time increases as the Lambda function initializes a new instance to handle the request.

What is a warm start in AWS Lambda?
When Lambda code is already loaded into memory and ready to execute quickly upon being called.

What does a default Network Access Control List (NACL) in an AWS VPC allow?
It allows all inbound and outbound traffic.

What must each subnet in an AWS VPC be associated with?
A Network Access Control List (NACL)

How does associating a subnet with a new NACL affect its previous NACL?
The previous NACL association will be replaced by the new one.

What happens if a subnet is not explicitly associated with a NACL?
It will automatically inherit the default NACL settings.

What is a key difference between NACLs and Security Groups in AWS?
NACLs can have both allow and deny rules, whereas Security Groups can only allow traffic.

What is the state of NACLs in AWS?
NACLs are stateless, meaning that traffic allowed in one direction is not automatically allowed in the other.

What does creating a new NACL in AWS do by default?
It denies all inbound and outbound traffic until specific rules are defined.

How are NACL rules evaluated?
They are evaluated in order from the lowest to the highest numbered rule.

Which AWS feature allows you to block a specific IP address from accessing resources?
Network Access Control Lists (NACLs)

What is AWS RDS?
AWS's managed solution for relational databases.

What access does AWS RDS provide to the virtual machines hosting databases?
You cannot SSH into the virtual machines running RDS databases.

Which relational database engines are available with AWS RDS?
Aurora, MySQL, MariaDB, Postgres, Oracle, and Microsoft SQL Server

What is the benefit of enabling Multi-AZ for RDS?
It creates a standby copy of the database in another availability zone for high availability and failover.

How does AWS RDS handle data synchronization when Multi-AZ is enabled?
AWS automatically synchronizes the primary database’s changes to the standby copy.

What does automatic failover in RDS Multi-AZ deployments do?
If the primary database fails, the standby database is promoted to the master role.

What are Read Replicas in AWS RDS used for?
To create read-only copies of a database, reducing the workload on the primary database and improving performance.

What type of replication do Read Replicas use in AWS RDS?
Asynchronous replication

What is required to use Read Replicas in AWS RDS?
Automatic backups must be enabled on the primary database.

How many Read Replicas can be created for an RDS database instance?
Up to five Read Replicas

Simple Storage Service (S3): SSE stands for Server Side Encryption and ___ has 3 options for SSE

Amazon Machine Image (AMI): ___ provides the information required to launch an instance

Amazon Machine Image (AMI): ___ are region specific, if you need to use an AMI in another region you can copy an AMI into the destination region via Copy AMI

Amazon Machine Image (AMI): You can create an ___ from an existing EC2 instance that's either running or stopped

Amazon Machine Image (AMI): Community ___ are free ___ maintained by the community

Amazon Machine Image (AMI): AWS Marketplace offers free or paid subscriptions to ___ that are maintained by vendors

Amazon Machine Image (AMI): All ___ have an ___ ID. Amazon Linux 2 will vary in both ___ ID and options

Amazon Machine Image (AMI): ___ holds the following Information:
- A template for the root volume for the instance (EBS Snapshot), OS, Application Server, & Apps
- Launch permissions that control which AWS account can use the ___ to launch instances
- A block device mapping that specifies the volumes to attach to the instance when it's launched

API Gateway: ___ is a solution for creating secure APIs in your cloud environment at any scale.

API Gateway: ___ acts as a front door for applications to access data, business logic, or functionality from back-end services.

API Gateway: ___ throttles API endpoints at 10,000 requests per second (can be increased via service request through AWS support)

API Gateway: ___ Stages allow you to have multiple published versions of your API (eg. prod, staging, EA, Dev)

API Gateway: each ___ Stage has an Invoke URL which is the endpoint you use to interact with your API

API Gateway: ___ allow you to use a custom domain for your Invoke URL (Example )

API Gateway: To publish your API to ___ you must use Deploy API
- You choose which Stage you want to publish your API (Ex: or )

API Gateway: ___ Resources are your URLs (ex: /projects)

API Gateway: ___ Resources can have child resources (ex: /project/id/edit)

API Gateway: ___ allows you to define multiple Methods on your Resources (ex: GET, POST, DELETE)

API Gateway: CORS issues are common with ___, CORS can be enabled on all or individual endpoints

API Gateway: ___ uses Caching to improve latency and reduce the amount of calls made to your endpoint

API Gateway: ___ can use Same Origin Policies to help prevent XSS attacks

API Gateway: ___ can use Same Origin Policies to ignore tools like postman or curl

API Gateway: When using ___ and CORS, CORS is always enforced by the client

API Gateway: Using ___ you can require Authorization to your API via AWS Cognito or a custom Lambda

Cross-origin resource sharing (CORS): ___ defines a way for client web applications that are loaded in one domain to interact with resources in a different domain

Cross-origin resource sharing (CORS): With ___ support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources

Cross-origin resource sharing (CORS): ___ is a browser security feature that restricts cross-origin HTTP requests that are initiated from scripts running in the browser

Cross-origin resource sharing (CORS): If your REST API's resources receive non-simple cross-origin HTTP requests, you need to enable ___ support

API Gateway "Stages": ___ is a named reference to a deployment, which is a snapshot of the API
- You use a Stage to manage and optimize a particular deployment
- EX: you can configure stage settings to enable caching, customize request throttling, configure logging, define stage variables, or attach a canary release for testing

Aurora: ___ is a fully-managed Postgres or MySQL database that needs to scale, automatic backups, high availability and fault tolerance

Aurora: ___ can run MySQL or Postgres database engines

Aurora: ___ MySQL service is 5x faster over regular MySQL

Aurora: ___ Postgres service is 3x faster over regular Postgres

Aurora: ___ is a 1/10 the cost over its competitors with similar performance and availability options

Aurora: ___ replicates 6 copies for your database across 3 Availability Zones

Aurora: ___ is allowed up to 15 ___ Replicas

Aurora: An ___ database can span multiple regions via ___ Global Database

Aurora: ___ Serverless allows you to stop and start ___ and scale automatically while keeping costs low

Aurora: ___ Serverless is ideal for new projects or projects with infrequent database usage

Aurora Serverless: ___ is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL compatible and PostgreSQL-compatible editions), where the database will automatically start up, shut down, and scale capacity up or down based on your application's needs

CLI (Command Line Interface): ___ lets you interact with AWS from anywhere by simply using a command line

SDK (Software Development Kit): ___ is a set of API libraries that let you integrate AWS services into your applications

Programmatic Access: ___ must be enabled per user via the IAM console to use CLI or SDK

Configure: ___ command is used to set up your AWS credentials for the CLI

CLI (Command Line Interface): ___ is installed via a Python Script

SDK (Software Development Kit): ___ supports many programming languages such as C++, Go, Java, Javascript, .Net, NodeJs, PHP, Python, Ruby

CloudFormation: When being asked to automate the provisioning of resources think ___

CloudFormation: When Infrastructure as Code (IaC) is mentioned think ___

CloudFormation: ___ can be written in either JSON or YAML

CloudFormation: When ___ encounters an error it will rollback with ROLLBACK_IN_PROGRESS

CloudFormation: ___ templates larger than 51,200 Bytes (0.05 MB) are too large to upload directly and must be imported into ___ via an S3 bucket

CloudFormation: NestedStacks help you break up ___ template into smaller reusable templates that can be composed into larger templates

CloudFormation: At least one resource under resources: must be defined for a ___ template to be valid

CloudFormation: Metadata is extra information about your ___ template

CloudFormation: Description is a description of what the ___ template is supposed to do

CloudFormation: Parameters are how you get user inputs into the ___ template

CloudFormation: Transforms applies macros (like applying a mod which change the anatomy to be custom) within your ___ template

CloudFormation: Outputs are values you can use to import into other stacks within your ___ template

CloudFormation: Mapping maps keys to values, just like a lookup table within your ___ template

CloudFormation: Resources defines the resource you want to provision, at least one resource is required within your ___ template

CloudFormation: Conditions are whether resources are created or properties are assigned within your ___ template

DNS (Domain Name System): ___ is the internet service that converts domain names into routable IP addresses (ex: == 112.12.3.4)

IPv4: ___ is a 32 bit address space (limited number of addresses)

IPv6: ___ is a 128 bit address space (virtually unlimited number of addresses)

Top-Level Domain: ___ is the part of a domain that comes after the dot, for example, com, org or net.
- Generally, you can divide TLDs into two types: Generic top-level domains (gTLD)
- Roughly all domains that are not associated with a country.
- The most known are com, org and net.

Second-Level Domain: ___ is a domain that is directly below a top-level domain (TLD).
- Ex: In "", "example" is the second-level domain of the .com TLD.

Domain Registrar: ___ is a 3rd party company who you register domains through

Name Server: ___ are servers which contain the DNS records for a domain

Start of Authority (SOA): ___ contains information about the DNS zone and associated DNS records

A Records: ___ is a DNS record which directly converts a domain name into an IP address

CNAME Record: ___ is a DNS record which lets you convert a domain name into another domain name

Time to Live (TTL): ___ is the time that a DNS record will be cached for (lower time means changes propagate faster)

DynamoDB: ___ is a fully managed NoSQL key/value and document database

DynamoDB: ___ is used for applications that contain large amounts of data but require predictable read and write performance while scaling is a good fit for ___

DynamoDB: ___ scales with whatever read and write capacity you specify per second

DynamoDB: ___ can be set to have Eventually Consistent Reads (default) and Strongly Consistent Reads

DynamoDB: ___ Eventually Consistent Reads (Default) data is returned immediately but data can be inconsistent.
- Copies of data will be generally consistent in 1 second.

DynamoDB: ___ Strongly Consistent Reads will wait until data is consistent.
- Data will never be inconsistent but latency will be higher.
- Copies of data will be consistent with a guarantee of 1 second

DynamoDB: ___ stores 3 copies of the data on SSD drives across 3 regions

Elastic Block Store (EBS): ___ is a virtual hard disk.
- Snapshots are a point-in-time copy of the disk

Elastic Block Store (EBS): Volumes exist on ___
- Snapshots exist on S3

Elastic Block Store (EBS): ___ snapshots are incremental, only changes made since the last snapshot are moved to S3

Elastic Block Store (EBS): ___ initial snapshots of the EC2 instance will take longer to create than subsequent snapshots

Elastic Block Store (EBS): If you take a ___ Snapshot of a root volume, the EC2 instance should be stopped before the snapshot.

Elastic Block Store (EBS): ___ snapshots can be taken while the instance is still running

Elastic Block Store (EBS): You can create AMIs from ___ Volumes or Snapshots

Elastic Block Store (EBS): ___ Volumes are a durable, block-level storage device that you can attach to a single EC2 instance

Elastic Block Store (EBS): ___ Volumes can be modified on the fly (ex: storage type or volume size)

Elastic Block Store (EBS): ___ Volumes always exist in the same AZ as the EC2 instance

Elastic Block Store (EBS): ___ Instance Store Volumes are a Temporary storage type located on disks that are physically attached to a host machine

Elastic Block Store (EBS): ___ Instance Store Volumes (ephemeral) cannot be stopped.
- If the host fails/shutdowns/restarts then you lose all your data

Elastic Block Store (EBS): ___ Backed instances can be stopped and you will not lose any data

Elastic Block Store (EBS): ___ by default the root volumes are deleted on termination

Elastic Block Store (EBS): ___ Volumes can have termination protection (Don't delete the volume on termination)

Elastic Block Store (EBS): ___ Snapshots or restored encrypted volumes will also be encrypted

Elastic Block Store (EBS): ___ snapshots cannot be shared if it has been encrypted

Elastic Block Store (EBS): ___ unencrypted snapshots can be shared with other AWS accounts or made public

EC2 Auto Scaling Groups (ASG): ___ is a collection of EC2 instances grouped for scaling and management

Scaling Out: ___ is traditionally when you add more resources (such as webservers).
- Using autoscaling with EC2 instances
- AWS EC2 Auto Scaling Groups (ASG)

Scaling In: ___ is when you remove resources (such as servers)
- AWS EC2 Auto Scaling Groups (ASG)

Scaling Up: ___ is when you increase the size of an instance (ex: updating Launch Configuration with a larger size)
- AWS EC2 Auto Scaling Groups (ASG)

EC2 Auto Scaling Groups (ASG): Size of an ___ is based on a Min, Max, and Desired Capacity

EC2 Auto Scaling Groups (ASG): Health checks determine the current state of an instance in the ___

EC2 Auto Scaling Groups (ASG): Health checks can be run against either an ELB or the EC2 instances in an ___

Target Scaling Policy: ___ scales based on when a target value for a metric is breached (ex: average CPU utilization exceed 75%)
- AWS EC2 Auto Scaling Groups (ASG)

Scaling Policy with Steps: ___ is the new version of Simple Scaling Policy and allows you to create steps based on escalation alarm values.
- AWS EC2 Auto Scaling Groups (ASG)

Desired Capacity: ___ is how many EC2 instances you want to ideally run
- AWS EC2 Auto Scaling Groups (ASG)

EC2 Auto Scaling Groups (ASG): An ___ will always launch instances to meet minimum capacity

EC2 Auto Scaling Groups (ASG): When a ___ launches a new instance it uses a Launch Configuration which holds the configuration values for that new instance (ex: AMI, InstanceType, Role)

Launch Configurations: ___ cannot be edited and must be cloned or a new one created
- AWS EC2 Auto Scaling Groups (ASG)

Launch Configurations: ___ must be manually updated by editing the Auto Scaling settings
- AWS EC2 Auto Scaling Groups (ASG)

EC2: ___ is a Cloud Computing Service

EC2: Configure your ___ by choosing your OS, Storage, Memory, Network Throughput

EC2: You can launch a ___ and SSH into your server within minutes

EC2: ___ - General Purpose Instance is a balance of compute, memory and networking resources

EC2: ___ - Compute Optimized Instance is ideal for compute bound applications that benefit from high performance processor

EC2: ___ - Memory Optimized Instance is for fast performance for workloads that process large data sets in memory

EC2: ___ - Accelerated Optimized Instance has hardware accelerators, or co-processors

EC2: ___ - Storage Optimized Instance contains high, sequential reads and writes access to very large data sets on local storage

EC2: ___ Instance Sizes generally double in price and key attributes

Placement Groups: ___ Placement Groups let you choose the logical placement of your instances to optimize for communication performance or durability.
- ___ are free
- AWS EC2

Cluster Placement Groups: ___ is a logical grouping of instances within a single Availability Zone.
- A ___ group can span peered VPCs in the same Region
- AWS EC2

Partition Placement Groups: ___ help reduce the likelihood of correlated hardware failures for your application.
- When using ___, Amazon EC2 divides each group into logical segments called partitions
- AWS EC2

Spread Placement Groups: A ___ is a group of instances that are each placed on distinct racks, with each rack having its own network and power source.
- AWS EC2

EC2: UserData is a script that will be automatically run when launching an ___ instance

EC2: MetaData is meta data about the current instance.
- You access this meta data via a local endpoint when SSH'd into the ___ instance

EC2: Instance Profiles are a container for an IAM role that you can use to pass role information to an ___ instance when the instance starts

EC2 Spot Pricing: ___ provide up to 90% off (Biggest Saving)
- Request spare computing capacity
- Flexible start and end times
- Instance can be terminated by AWS at anytime
- Use Cases: Can handle interruptions
- Use Cases: for non-critical background jobs

EC2 Spot Pricing: ___ provide up to 90% off (Biggest Saving)
- Instance can be terminated by AWS at anytime
- If your instance is terminated by AWS, you don't get charged for a partial hour of usage
- If you terminate an instance you will still be charged for any hour that it ran
- Use Cases: Can handle interruptions
- Use Cases: for non-critical background jobs

EC2 Dedicated Hosting Pricing: ___ (Most Expensive)
- Dedicated servers
- Can be on-demand or reserved (up to 70% off)
- Use case: when you need a guarantee of isolated hardware (enterprise requirements)

EC2 On-Demand Pricing: ___ (Least Commitment)
- Low cost and flexible
- Only pay per hour
- Use case: short-term, spiky, unpredictable workloads, first time apps
- Ideal when your workloads cannot be interrupted

EC2 Reserved Instance Pricing: ___ up to 75% off (best Long-Term Value)
- Use Case: Steady state or predictable usage
- Can resell unused reserved instance (Reserved Instance Marketplace)
- Reduced Pricing is based on Term x Class Offering x Payment Option

EC2 Reserved Instance Pricing: ___ up to 75% off (best Long-Term Value)
- Use Case: Steady state or predictable usage
- Payment Terms: 1 year or 3 year
- Payment Options: All Upfront, Partial Upfront and No Upfront

EC2 Reserved Instance Pricing: ___ - Standard (Class Offering) Standard offers up to 75% reduced pricing compared to on-demand.
- Cannot change RI Attributes

EC2 Reserved Instance Pricing: ___ - Convertible (Class Offering) Convertible offers up to 54% reduced pricing compared to on-demand.
- Allows you to change RI Attributes if greater or equal in value

EC2 Reserved Instance Pricing: ___ - Scheduled (Class Offering) You reserve instances for specific time periods. Ex: once a week for a few hours (savings vary)

Elastic File System (EFS): ___ supports the Network File System versions 4 (NFSv4) protocol

Elastic File System (EFS): ___ volume can be scaled to petabyte size storage

Elastic File System (EFS): ___ volume will shrink and grow to meet current data stored (elastic)

Elastic File System (EFS): You pay for the amount of storage (GB) your ___ uses

Elastic File System (EFS): ___ can support thousands of concurrent connections over NFS

Elastic File System (EFS): Your data is stored across multiple AZs within a region when using ___

Elastic File System (EFS): Can mount multiple EC2 instances to a single ___ (as long as they are all in the same VPC)

Elastic File System (EFS): ___ can Create Mount Points in all your VPC subnets so you can mount from anywhere within your VPC

Elastic File System (EFS): ___ provides read after write consistency

Elastic Beanstalk: ___ handles the deployment, from capacity provisioning, load balancing, auto scaling to application health monitoring

Elastic Beanstalk: ___ is used when you want to run a web-application but you don't want to have to think about the underlying infrastructure

Elastic Beanstalk: It costs nothing to use ___ (only the resources it provisions such as RDS, ELB, EC2)

Elastic Beanstalk: ___ is recommended for test or development apps. Not recommended for production use

Elastic Beanstalk: ___ can use any of the following preconfigured platforms: Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker

Elastic Beanstalk: You can run dockerized environments on ___

ElastiCache: ___ is a managed in-memory caching service

ElastiCache: ___ can launch either Memcached or Redis

ElastiCache: ___ Memcached is a simple key / value store preferred for caching HTML fragments and is arguably faster than Redis

ElastiCache: ___ Redis has richer data types and operations compared to Memcached.
- Great for leaderboards, geospatial data or keeping track of unread notifications

ElastiCache: ___ is a temporary storage area

ElastiCache: ___ stores the most frequent identical queries

ElastiCache: Resources only within the same VPC may connect to ___ to ensure low latencies

Elastic Load Balancer (ELB): There are three ___:
- Network
- Application
- Classic Load Balancer

Elastic Load Balancer (ELB): A ___ must have at least two Availability Zones

Elastic Load Balancer (ELB): ___ cannot go cross-region.
- You must create one per region

Application Load Balancer (ALB): ___ has Listeners, Rules and

Network Load Balancer (NLB): ___ uses Listeners and Target Groups to route Traffic

Classic Load Balancer (CLB): ___ uses Listeners and EC2 instances are directly registered as targets to CLB

Application Load Balancer (ALB): ___ is for HTTP(S) traffic and the name implies it is good for Web Applications

Network Load Balancer (NLB): ___ is for TCP/UDP which is good for high network throughput (ex: Video Games)

Classic Load Balancer (CLB): ___ is legacy and it is recommended to use ALB or NLB instead

Network Load Balancer (NLB): You can attach Web Application Firewall (WAF) to a ___ but not to a NLB or CLB

Elastic Load Balancer (ELB): You can attach Amazon Certification Manager SSL to any of the ___ for SSL

Application Load Balancer (ALB): ___ has advanced Request Routing rules where you can route based on subdomain header, path and other HTTP(S) information

Sticky Sessions: ___ allow clients to stay with a single server during its Session Lifetime.
- Can be enabled for CLB or ALB and sessions are remembered via Cookie

Identity and Access Management (IAM): ___ is used to manage access to users and resources

Identity and Access Management (IAM): ___ is a universal system
- Applied to all regions at the same time
- Is a free service

Relational Database Service (RDS): ___ allows you to combine Read Replicas with Multi-AZ

Relational Database Service (RDS): ___ allows you to have Read Replicas in another Region (Cross Region Reads Replicas)

Relational Database Service (RDS): ___ Replicas can be promoted to their own database, but this breaks replication

Relational Database Service (RDS): ___ allows you to have Replicas of Read Replicas

Relational Database Service (RDS): ___ has 2 backup solutions
- Automated Backups
- Database Snapshots

Relational Database Service (RDS): ___ Automated Backups, allow you to choose a retention period between 1 - 35 days, there is no additional cost for the backup storage, you define your backup window

Relational Database Service (RDS): ___ Manual Snapshots, allow you to manually create backups, if you delete your primary the manual snapshot will still exist and can be restored

Relational Database Service (RDS): When you restore a ___ instance it will create a new database. You just need to delete your old database and point traffic to the new restored database

Relational Database Service (RDS): You can turn on encryption at-rest for ___ via KMS

Redshift: ___ allows data to be loaded from S3, EMR, DynamoDB, or multiple data sources on remote hosts

Redshift: ___ is a Columnar Store database which can run SQL-like queries and is an OLAP

Redshift: ___ can handle petabytes worth of data

Redshift: ___ is for Data Warehousing

Redshift: ___ most common use case is Business Intelligence

Redshift: ___ can only run in a 1 availability zone (Single-AZ)

Redshift: ___ can run via a single node or multi-node (Clusters)

Redshift: An ___ single node is 160 GB in size

Redshift: An ___ multi-node is comprised of a leader node and multiple compute nodes

Redshift: ___ bills you on a bill per hour for each node (excluding leader node in multi-node)

Redshift: ___ does not bill you for the leader node

Redshift: Using ___, allows you to have up to 128 compute nodes

Redshift: ___ has two kinds of Node Types Dense Compute and Dense Storage

Redshift: ___ attempts to backup 3 copies of your data, the original, on compute node and on S3

Redshift: ___ uses similar data which is stored on disks sequentially for faster reads

Redshift: ___ database can be encrypted via KMS or CloudHSM

Redshift: ___ Retention is default to 1 day and can be increased to maximum of 35 days

Redshift: ___ can asynchronously back up your snapshot to Another Region delivered to S3

Redshift: ___ uses Massively Parallel Processing (MPP) to distribute queries and data across all loads

Redshift: In the case of empty table, when importing ___ will sample data to create a schema

Route53: ___ is a DNS provider, register and manage domains, create record sets
- Like Godaddy or NameCheap

Simple Routing: ___ is the default routing policy, multiple addresses result in a random endpoint selection
- Route53

Weighted Routing: ___ split up traffic based on different 'weights' assigned (percentages)
- Route53

Latency-Based Routing: ___ directs traffic based on region, for lowest possible latency for users
- Route53

Failover Routing: ___ sets primary site in one location, secondary data recovery site in another (Change on health check)
- Route53

Geolocation Routing: ___ routes traffic based on geographic location of a request origin
- Route53

Geo-proximity Routing: ___ routes traffic based on geographic location using 'Bias' value (needs Route53 Traffic Flow)
- Route53

Multi-value Answer Routing: ___ will return multiple values in response to DNS queries (using health checks)
- Route53

Traffic Flow: ___ is visual editor, for chaining routing policies, can version policy records for easy rollbacks
- Route53

AWS Alias Record: ___ is an AWS smart DNS record, detects changed IPs for AWS resources and adjusts automatically
- Route53

Route53 Resolver: ___ lets you regionally route DNS queries between your VPCs and your network Hybrid Environments
- Route53

Health Checks: ___ can be created to monitor and automatically over endpoints. You can have ___ monitor other ___.
- Route53

Simple Storage Service (S3): ___ object-based storage.
- Store unlimited amount of data without worry of underlying storage infrastructure

Simple Storage Service (S3): ___ replicates data across at least 3 AZs to ensure 99.99% Availability and 11' 9s of durability

Simple Storage Service (S3): ___ objects contain your data (they're like files)

Simple Storage Service (S3): ___ objects can be sized anywhere from 0 bytes up to 5 terabytes

Simple Storage Service (S3): ___ buckets contain objects.
- Buckets can also contain folders which in turn can contain objects

Simple Storage Service (S3): ___ bucket names are unique across all AWS accounts.
- like a domain name

30 Simple Storage Service (S3) code Simple Storage Service (S3) When you upload a file to ___ successfully you'll receive a HTTP 200 ___ Lifecycle Management objects can be moved between storage classes or objects can be deleted automatically based on a schedule Simple Storage Service (S3) ___ Versioning objects are giving a Version ID. - When new objects are uploaded the old objects are kept. You can access any object version. When you delete an object the previous object is restored. Once Versioning is turned on it cannot be turned off, only suspended. Simple Storage Service (S3) order to delete an object. ___ MFA Delete enforce DELETE operations to require MFA token in - Must have versioning turned on to use. Can only turn on MFA Delete from AWS CLI. Root Account is only allowed to delete objects Simple Storage Service (S3) Simple Storage Service (S3) performed on objects Simple Storage Service (S3) Control Lists (ACL) Simple Storage Service (S3) control access Simple Storage Service (S3) All new ___ buckets are private by default ___ logging can be turned on to a bucket to log track operations ___ Access control is configured using Bucket Policies and Access ___ Buckets Policies are JSON document which let you write complex ___ ACLs are the legacy method (not deprecated) where you grant access to objects and buckets with simple actions 31 Security In Transit ___ uploading files is done over SSL - Simple Storage Service (S3) Server Side Encryption (SSE) 3 types: - SSE-AES (S3 manages keys), - SSE-C (Customer manages keys) - SSE-KMS (KMS manages keys) - Simple Storage Service (S3) Client-Side Encryption Service (S3) Cross Region Replication ___ encrypts data stored in the cloud ___ is encrypting data on client side before uploading to Simple Storage ___ allows you to replicate files across regions for greater durability. You must have versioning turned on in the source and destination bucket. 
You can have ___ replicate to bucket in another AWS Account Transfer Acceleration ___ provide faster and secure uploads from anywhere in the world. Data is uploaded via district url to an Edge Location. - Data is then transported to your S3 bucket via AWS backbone network Presigned Urls ___ is a url generated via the AWS CLI and SDK. - It provides temporary access to write or download objects data. ___ are commonly used to access private objects 32 Simple Storage Service (S3) ___ - Standard - 99.99% Availability, 11 9s Durability - Replicated across at least three AZs Simple Storage Service (S3) ___ - Intelligent Tiering - Uses ML to analyze your object usage and determine the appropriate storage class - Data is moved to the most cost-effective access tier, without any performance impact or added overhead Simple Storage Service (S3) - Still Fast ___ - Standard Infrequently Accessed (IA) - Cheaper if you access files less than once a moth - Additional retrieval fee is applied - 50% less than Standard (reduced availability) Simple Storage Service (S3) - Still Fast! 
- Objects only exist in one AZ - Availability (is 99.5%) ___ - One Zone IA - But cheaper than Standard IA by 20% less - Retrieval of data can take minutes to hours but the off is very cheap storage Simple Storage Service (S3) ___ - Glacier Deep Archive 33 - Lowest cost storage class - Data retrieval Times is 12 hours Security Groups Security Groups Security Groups Security Groups another ___ Security Groups Security Groups Security Groups Security Groups Security Groups ___ act as a firewall at instance level ___, unless allowed specifically, all inbound traffic is blocked by default ___ allow all outbound traffic from the instance which is allowed by default You can specific for the source to be either an IP range, single IP Address or ___ are STATEFULL (If traffic is allowed inbound it is also allowed outbound) Any changes to a ___ take effect immediately EC2 Instance can belong to multiple ___ ___ can contain multiple EC2 Instance You cannot block specific IP addresses with ___, for this you would need a Network Access Control List (NACL) Security Groups Security Groups Security Groups You can have upto 10,000 ___ per Region (default 25,000) You can have 60 inbound and 60 outbound rules pre ___ You can have 16 ___ associated to an ENI (Elastic Network Interface) (Default) 34 Simple Queue Service (SQS) ___ is a queuing service using messages with a queue - Think Sidekiq or RabbitMQ Simple Queue Service (SQS) apps to talk to each other Simple Queue Service (SQS) ___ is not pushed-based Simple Queue Service (SQS) Simple Queue Service (SQS) ___ is used for Application Integration, it lets decoupled services and To read ___ use need to pull the queue using the AWS SDK. 
___ supports both Standard and First-In-First-Out (FIFO) queues ___ - Standard allows nearly unlimited messages per second, does not guarantee order of delivery, always delivers at least once, you must protect again duplicate message being processed Simple Queue Service (SQS) Simple Queue Service (SQS) Simple Queue Service (SQS) ___ - FIFO maintain the order of messages with a 300 limit ___ has two types of polling, Short (Default) and Long Polling ___ Short (Default) Polling returns messages immediately, even if the message queue being polled it empty Simple Queue Service (SQS) poll timeout expires Simple Queue Service (SQS) ___ Long Polling waits until message arrives in the queue, or the long In ___, majority of cases Long polling is preferred over Short polling 35 Visibility time-out is the period of time that messages are invisible in Simple Queue Service (SQS) the ___ queue Simple Queue Service (SQS) ___ messages are deleted from the queue after a job has processed them (Before visibility timeout expires) Simple Queue Service (SQS) queue Simple Queue Service (SQS) If a ___ Visibility timeout expires than a job will become visible to the ___ Default Visibility timeout is 30 seconds. - Timeout can be 0 seconds to maximum of 12 hours Simple Queue Service (SQS) 4 days Simple Queue Service (SQS) for Java can increase to 2GB Snowball & Snowball Edge Snowmobile ___ can retain messages from 60 seconds to 14 days and by default is ___ message size is between 1 byte to 256 kb, Extended Client Library ___ is a rugged container which contains a storage device ___ is a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck - Like a real semi-trailer (its a big semi) Snowball & Snowball Edge Snowmobile ___ is for peta-scale migration. 
___ is for Exabyte-scale migration Snowball Low Cost thousands of dollars to transfer 100TB over high speed internet, ___ is 1/5th 36 Snowball week Snowball Speed 100 TB over 100 days to transfer over high speed internet, ___ takes less than a ___ comes in two sizes: - 50 TB (42 TB usable) - 80 TB (72 TB usable) Snowball edge ___ comes in two sizes: - 100 TB (83 TB usable) - 100 TB Clustered (45 TB per node) Snowmobile - (Semi Truck) ___ comes in one size 100 PB Snowball or Snowmobile Snowball & Snowball Edge Snowball Edge You can both export or import data using ___ using ___ you can import S3 or Glacier ___ can undertake local processing and edge-computing workloads Snowball Edge Snowball Edge ___ can use a cluster in groups of 5 to 10 devices ___ provides three options for device configurations - Storage Optimized (24 vCPUs) - Compute Optimized (54 vCPUs) - GPU Optimized (54 vCPUs) 37 Simple Notification Service (SNS) Simple Notification Service (SNS) ___ is a fully managed pub/sub messaging service ___ is for Application Integration. - It allows decoupled services and apps to communicate with each other Simple Notification Service (SNS) channel ___ has a Topic a logical access point and communication - A topic is able to deliver to multiple protocols - You can encrypt topics via KMS Simple Notification Service (SNS) Publishers use the AWS API via AWS CLI or SDK to push messages to a topic. Many AWS services integrate with ___ and act as publishers Simple Notification Service (SNS) ___ has Subscription subscribe to topics. 
When a topic receives a message it automatically and immediately pushes messages to subscribers Simple Notification Service (SNS) multiple Availability ZOne (AZ) Simple Notification Service (SNS) All message published to ___ are stored redundantly across ___ Protocols: - HTTPS and HTTPS can create webhooks into your web-app - Email good for internal email notification - Email-JSON sendss you json via email - Amazon SQS place SNS message into SQS queue - SMS send a text message - Platform application endpoints Mobile Push (Apple, Google, Microsoft Baidu) notification system 38 Storage Gateway ___ connects on-premise storage to cloud storage (Hybrid storage solution) Storage Gateway Storage Gateway local hard drive to S3 Storage Gateway Cached Stored Volume Gateway Data on-Premise Stored Volume ___ has three types of Gateways: File Gateway, Volume Gateway, Tape Gateway ___ - File Gateway les S3 act a local File system using NFS or SMB, extends your ___ - Volume Gateway is used for backups and has two types: Stored and ___ continuously backups local storage to S3 as EBS Snapshots Primary ___ are 1GB to 16TB in size Cached Volume Gateway on S3 Cached Volumes ___ cache the frequently used files on-premise. Primary Data is stored ___ are 1GB to 32GB in size Tape Gatyway ___ backups up virtual tapes to S3 Glacier for long archive storage Virtual Private Cloud (VPC) Network Virtual Private Cloud (VPC) - Interface Endpoints - Gateway Endpoints Interface Endpoints ___ endpoints help keep traffic between AWS services within the AWS There are two kinds of ___ endpoints. 
___ cost money, Gateway Endpoints are Free 39 Interface Endpoints PrivateLink) Gateway Endpoints Interface Endpoints Gateway Endpoint VPC Flow Logs VPC Flow Logs VPC Flow Logs VPC Flow Logs VPC Flow Logs the same account VPC Flow Logs VPC Flow Logs VPC Flow Logs ___ uses an Elastic Network Interface (ENI) with Private IP (powered by AWS ___ is a target for a specific route in your route table ___ support many AWS services ___ only support DynamoDB and S3 ___ monitor the in-and-out traffic of your Network Interfaces within your VPC You can turn on ___ at the VPC, Subnet or Network Interface level ___ cannot be tagged like other AWS resources ___ cannot change the configuration of the flow log after it's created ___ cannot enable flow logs for VPCs which are peered with your VPC unless it is in ___ can be delivered to an S3 or CloudWatch Logs ___ contains the source and destination IP addresses (not Hostnames) ___ Some instance Traffic is not monitored: - Instance Traffic generated by contacting the AWS DNS servers - Window License activation traffic from instance - Traffic to and from the instance metadata address 40 - DHCP Traffic - Any traffic to the reserved IP address of the default VPC router CloudFront ___ is a CDN (Content Distribution Network). 
It makes website load fast by serving cached content that is nearby CloudFront CloudFront CloudFront CloudFront ___ distributes cached copy at Edge Locations ___ Edge Locations aren't just not read-only, you can write to them (PUT Objects) ___ - TTL (Time to Live) defines how long until the cache expires (refreshes cache) When you invalidate your ___ cache, you are forcing it to immediately expire (refreshes cached data) CloudFront Locations CloudFront ELB, Route53) CloudFront Refreshing the cache costs money because of transfer costs to update ___ Edge ___ - Origin is the address of where the original copies of your files reside (S3, EC2, ___ - Distribution defines a collection of Edge Locations and behaviour on how it should handle your cached content CloudFront ___ Distributions has 2 types - Web Distribution (Static Website Content) - RTMP (Streaming Media) CloudFront ___ - Origin Identity Access (OAI) is used access private S3 buckets 41 CloudFront Access to ___ cached content can be protected via Signed Urls or Signed Cookies CloudFront ___ - Lambda@Edge allows you to pass each request through a Lambda to change the behaviour of the response CloudTrail CloudTrail ___ CloudTrail CloudTrail CloudTrail CloudTrail Validation option CloudTrail CloudTrail account CloudTrail CloudTrail CloudTrail ___ logs call between AWS Services Governance, compliance, operation auditing, and risk auditing are keywords relating to When you need to know who to blame think ___ ___ by default logs event data for the past 90s days via Event History ___ can track beyond 90 days but you need to create a Trail To ensure ___ logs have not been tampered with, you need to turn on Log File ___ can be encrypted using KMS (Key Management Service) ___ can be set to log across all AWS accounts in an Organization and all regions in an ___ logs can be streamed to CloudWatch Logs ___ trails are outputted to an S3 bucket that you specify ___ logs two kinds of events: Management Events and Data 
Events 42 CloudTrail CloudTrail ___ Management Events log management operations (Ex: AttachedRolePolcy) ___ Data Events log data operation for resources (S3, Lambda) (Ex: GetObject, DeleteObject, and PutObject) CloudTrail CloudTrail Cloudwatch Metrics) Cloudwatch Cloudwatch ___ Data Events are disabled by default when creating a Trail ___ Trail logs in S3 can be analyzed using Athena ___ is a collection of monitoring services (Dashboard, Events, Alarms, Logs and ___ Logs: log data from AWS services (Ex: CPU Utilization) ___ Metrics: Represents a time-ordered set of data points, a variable to monitor (Ex: CPU Utilization over time) Cloudwatch server) Cloudwatch breached Cloudwatch Cloudwatch ___ Events: Trigger an event based on a condition (Ex: Ever hour take snapshot of ___ Alarms: Triggers Notifications based on metrics when a defined threshold is ___ Dashboard: Create visualization based on metrics ___ monitors EC2 instances at 5 min intervals and Detailed Monitoring at 1 min intervals (can be 1,3,5) Cloudwatch ___ Logs must belong to a Log Group 43 Cloudwatch Cloudwatch Cognito ___ Agents need to be installed on EC2 host to track Memory Usage and Disk Size With ___ you can stream custom logs files (Ex: ) ___ is decentralized managed authentication system. When you need to easily add authentication to your mobile and desktop app think ___ Cognito User Pools user directory, allows users to authenticate using OAuth to IpD such as Facebook, Google, Amazon to connect to web-app. 
___ User Pool is in itself a IpD Cognito Cognito Cognito ___ User Pools use JWTs for to persist authentication ___ Identity Pool provide temporary AWS credentials to access services (S3, DynamoDB) ___ Sync can sync user data and preferences across devices with one line of code (powered by SNS) Cognito ___ Web Identity Federation exchange identity and security information between an identity provider (IdP) and an application Identity Provider (IdP) ___ a trusted provider of your user identity that lets you use authenticate to access other services (Facebook, Twitter, Google, Amazon) OpenID Connect (OIDC) SAML ___ is a type of Identity Provider which uses Oauth ___ is a type of Identity Provider which is used for Single Sign-on 44 Elastic Container Service (ECS) ___ enables you to inject sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition. Secrets ___ can be exposed to a container in the following ways: - To inject sensitive data into your containers as environment variables, use the ___ container definition parameter. - To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter. Elastic File System (EFS) ___ provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. 
Lambda@Edge ___ lets you run Lambda functions to customize the content that CloudFront delivers, executing the functions in AWS locations closer to the viewer

Key Management Service (KMS) ___ is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data

Key Management Service (KMS) ___ is integrated with most other AWS services that encrypt your data with encryption keys that you manage

Key Management Service (KMS) ___ is also integrated with AWS CloudTrail to provide encryption key usage logs to help meet your auditing, regulatory and compliance needs.

Security Token Service (STS) ___ is a web service that enables you to request temporary, limited privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users)

Amazon Macie ___ is an ML-powered security service that helps you prevent data loss by automatically discovering, classifying, and protecting sensitive data stored in Amazon S3

Amazon Macie ___ uses machine learning to recognize sensitive data such as personally identifiable information (PII) or intellectual property, assigns a business value, and provides visibility into where this data is stored and how it is being used in your organization.

Amazon Macie ___ continuously monitors data access activity for anomalies, and delivers alerts when it detects risk of unauthorized access or inadvertent data leaks

Amazon Macie ___ has the ability to detect global access permissions inadvertently being set on sensitive data, detect uploading of API keys inside source code, and verify sensitive customer data is being stored and accessed in a manner that meets their compliance standards.

Amazon GuardDuty ___ is just a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
Amazon Rekognition ___ is simply a service that can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content on your images or videos. Amazon Inspector ___ is basically an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. General Purpose SSD sequential Provisioned IOPS SSD sequential Cold HDD ___ deliver consistent performance whether an I/O operation is random or ___ deliver consistent performance whether an I/O operation is random or ___ deliver optimal performance only when I/O operations are large and sequential Throughput Optimized HDD and sequential ___ deliver optimal performance only when I/O operations are large 46 IOPS ___ are a unit of measure representing input/output operations per second RDS Multi-AZ ___ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads Amazon MQ If you're using messaging with existing applications and want to move your messaging service to the cloud quickly and easily, it is recommended that you consider ___ Amazon MQ ___ supports industry-standard APIs and protocols so you can switch from any standards-based message broker to ___ without rewriting the messaging code in your applications Simple Queue Service (SQS) ___ is a fully managed message queuing service, it does not support an extensive list of industry-standard messaging APIs and protocol, unlike Amazon MQ Simple Notification Service (SNS) message broker service. 
Simple Workflow Service (SWF) have parallel or sequential steps Simple Workflow Service (SWF) ___ is more suitable as a pub/sub messaging service instead of a ___ helps developers build, run, and scale background jobs that ___ promotes a separation between the control flow of your background job's stepwise logic and the actual units of work that contain your unique business logic AWS Directory Service ___ provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory (AD) with other AWS services AWS Directory Service ___ is a managed service offering that provides directories that contain information about your organization, including users, groups, computers, and other resources. AWS Directory Service ___ connect to AWS resources from on-prem MS Active directory or set up a new, stand-alone directory in AWS cloud. Users can connect with existing corporate credentials 47 DynamoDB stream ___ is an ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a stream on a table, DynamoDB captures information about every modification to data items in the table. Elastic Map Reduce (EMR) ___ provides you a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. 
You can access the operating system of these EC2 instances that were created by Amazon ___ Authentication Token ___ is a unique string of characters that Amazon RDS generates on request IAM Database Authentication ___ can be used to network traffic to and from the database is encrypted using Secure Sockets Layer (SSL) IAM Database Authentication ___ can use profile credentials specific to your EC2 instance to access your database instead of a password, for greater security IAM Database Authentication ___ can use IAM to centrally manage access to your database resources, instead of managing access individually on each DB instance Route Origin Authorization (ROA) ___ is a document that you can create through your Regional internet registry (RIR), such as the American Registry for Internet Numbers (ARIN) or Réseaux IP Européens Network Coordination Centre (RIPE) Route Origin Authorization (ROA) ___ contains the address range, the ASNs that are allowed to advertise the address range, and an expiration date Hot storage Warm storage Cold storage ___ refers to the storage that keeps frequently accessed data ___ refers to the storage that keeps less frequently accessed data ___ refers to the storage that keeps rarely accessed data 48 Amazon FSx For Lustre ___ is a high-performance file system for fast processing of workloads Amazon FSx For Lustre ___ is a popular open-source parallel file system which stores data across multiple network file servers to maximize performance and reduce bottlenecks Amazon FSx for Windows File Server ___ is a fully managed Microsoft Windows file system with full support for the SMB protocol, Windows NTFS, Microsoft Active Directory ( AD ) Integration Network Address Translation (NAT) Gateway ___ is a highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet Network Address Translation (NAT) Gateway implemented with redundancy in that zone Network Address Translation (NAT) 
Gateway ___ is created in a specific Availability Zone and You must create a ___ on a public subnet to enable instances in a private subnet to connect to the Internet or other AWS services, but prevent the Internet from initiating a connection with those instances Amazon Redshift Enhanced VPC Routing When you use ___, Amazon Redshift forces all COPY and UNLOAD traffic between your cluster and your data repositories through your Amazon VPC Redshift Spectrum ___ is primarily used to run queries against exabytes of unstructured data in Amazon S3, with no loading or ETL required Resource Access Manager (RAM) ___ is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization AWS Organizations ___ is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage AWS Organizations With ___, you can create member accounts and invite existing accounts to join your organization. You can organize those accounts into groups and attach policy-based controls. 49 Resource Access Manager (RAM) You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with ___ Simple Workflow Service (SWF) distributed application components. Instance metadata ___ is a web service that makes it easy to coordinate work across ___ is the data about your instance that you can use to configure or manage the running instance Instance user data ___ is mainly used to perform common automated configuration tasks and run scripts after the instance starts Resource tags ___ are labels that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define Amazon Machine Image (AMI) ___ is mainly provides the information required to launch an instance, which is a virtual server in the cloud. 
Elastic Block Storage (EBS) When you create an ___ volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to a failure of any single hardware component. Elastic Block Storage (EBS) Elastic Block Storage (EBS) the same Availability Zone Elastic Block Storage (EBS) from the life of an instance An ___ volume can only be attached to one EC2 instance at a time After you create a ___ volume, you can attach it to any EC2 instance in An ___ volume is off-instance storage that can persist independently 50 Elastic Block Storage (EBS) You can specify not to terminate the ___ volume when you terminate the EC2 instance during instance creation Elastic Block Storage (EBS) ___ volumes support live configuration changes while in production which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions Elastic Block Storage (EBS) algorithms (AES-256) Elastic Block Storage (EBS) Throughput Optimized HDD workloads Provisioned IOPS SSD Amazon ___ encryption uses 256-bit Advanced Encryption Standard Volumes offer 99.999% SLA ___ is primarily used for frequently accessed, throughput-intensive ___ provides the highest performance SSD volume for mission-critical low latency or high-throughput workloads EBS General Purpose SSD workloads. ___ volume costs more and it is mainly used for a wide variety of - It is recommended to be used as system boot volumes, virtual desktops, low-latency interactive apps, and many more. 
Bastion Host ___ is a special purpose computer on a network specifically designed and configured to withstand attacks Bastion Host ___ should be in a public subnet with either a public or Elastic IP address with sufficient RDP or SSH access defined in the security group 51 AWS Global Accelerator ___ is more suitable for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover Pilot light ___ is often used to describe a DR scenario in which a minimal version of an environment is always running in the cloud Multi-Site ___ is the most expensive solution out of disaster recovery solutions. You are trying to save monthly costs so this should be the least probable choice for you. Key Pairs ___ is the two keys used in public-key encryption. Simple Storage Service (S3) ___ bucket that is configured to host a static website. - The bucket must have the same name as your domain or subdomain MX record domain name ___ specifies the mail server responsible for accepting email messages on behalf of a Application Load Balancer ___ supports path-based routing and host-based routing. AWS Security Token Service (AWS STS) ___ is the service that you can use to create and provide trusted use

Document information

Uploaded on
September 2, 2025
Number of pages
66
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Content preview

-COMPLETE STUDY GUIDE - AWS Certified Solutions Architect - Associate (SAA-C02) Certification 2025/2026 Exam Question and Answers [100% Correct] Latest Release!!

What type of AWS account is initially created when setting up AWS and has full administrator access?

Root account



When a new IAM account is created in AWS, what permissions does it have by default?

No permissions until granted



When a new IAM user is granted programmatic access, what does AWS assign to them?

An Access Key ID and Secret Access Key



What is the primary use of Access Keys in AWS?

To access AWS services via the CLI and SDK (not for console access)



What happens to AWS Access Keys once they are created?

They are only shown once. If lost, they must be deleted and recreated.



What security feature should always be enabled on the root account in AWS?

Multi-Factor Authentication (MFA)



Who is responsible for enabling MFA on IAM users in AWS?

The user must enable MFA themselves, not an administrator.


What feature in IAM allows you to enforce password complexity and automatic password rotation?

Password policies



In AWS IAM, what are the types of identities that can be created?

Users, Groups, and Roles



What is an IAM user in AWS?

An entity that logs into the AWS console or interacts with AWS resources programmatically



How do IAM Groups in AWS help manage permissions?

They group users who share similar permissions, such as admins or developers.



What does an IAM Role in AWS allow you to do?

Assign permissions to a role and assign that role to a user or group.



What type of document is an IAM Policy, and what does it define?

A JSON document that grants permissions for a specific user, group, or role to access AWS services



What are Managed Policies in IAM, and how are they handled?

Policies provided by AWS that cannot be edited by users



What are Customer Managed Policies in IAM?

Policies created by the customer that can be edited as needed



What are Inline Policies in IAM?

Policies that are directly attached to a specific user, group, or role




What is AWS Kinesis used for?

To collect, process, and analyze streaming data in real-time



What is the purpose of Kinesis Data Streams?

To organize data into shards where each consumer maintains its own data position, with data retention from 24 hours to 168 hours.



How does Kinesis Firehose differ from Kinesis Data Streams?

Kinesis Firehose processes data and sends it directly to services like S3, Redshift, or Elasticsearch without storing it.



What is Kinesis Data Analytics used for?

To perform real-time queries on streaming data, with input and output coming from Kinesis Data Streams or Firehose.



What does Kinesis Video Analytics do?

It ingests and processes video and audio data for machine learning applications like SageMaker and Rekognition.



What is the Kinesis Producer Library (KPL)?

A Java library designed to simplify the process of writing data to Kinesis Data Streams.



What is AWS Lambda?

A serverless computing service that lets you run code without managing servers.



How is AWS Lambda serverless?

You do not need to worry about managing the underlying infrastructure.



What is AWS Lambda best suited for?

Short-running tasks that do not require a customized operating system environment.

Which AWS service should you consider if your tasks need a long runtime or a custom OS environment?

AWS Fargate



Which programming languages does AWS Lambda support?

Ruby, Python, Java, Node.js, C#, PowerShell, and Go



How does AWS Lambda billing work?

You pay per invocation, based on the duration and memory used, rounded up to the nearest 100 milliseconds. The first 1 million requests are free.



What configuration options can you adjust for an AWS Lambda function?

You can adjust the function’s duration timeout (up to 15 minutes) and memory (up to 3008 MB).



What triggers AWS Lambda functions?

Lambda functions can be triggered by AWS services like S3, API Gateway, and DynamoDB, or directly through the SDK.



How does AWS Lambda handle scaling?

Lambda can scale up to 1000 concurrent executions by default, which can be increased upon request.



What is a cold start in AWS Lambda?

It’s the delay that occurs when a Lambda function is invoked after not being executed for a period
of time.



What happens during a cold start in AWS Lambda?

The response time increases as the Lambda function initializes a new instance to handle the
request.



