Breaking News – Top Stories From all over the world. World News. Hourly Updated News Feed from Reddit, Twitter, Medium, Quora and top news agency and media around the world (CNN, Fox News, USA Today, MSNBC, ABC News, Al Jazeera, CBC, BBC, SkyNews, etc.).
First crewed test flight of Boeing Starliner capsule targeted for May 17 SaltWire Halifax powered by The Chronicle HeraldBoeing Starliner crewed mission postponed shortly before launch Phys.orgStarliner: Boeing's first crewed space flight postponed BBC.comBoeing's first crewed test of its new spacecraft CBC.caBoeing Starliner capsule test flight postponed CTV News
Negotiators Arrive in Cairo as Israel Seizes Rafah Crossing The New York TimesLive updates: Israel-Hamas war, Rafah crossing, airstrikes, Gaza ceasefire deal CNNIsraeli Tanks Enter Rafah as Cease-Fire Talks Resume in Cairo The New York TimesUS believes Hamas, Israel can break Gaza ceasefire impasse; Israeli forces cut Rafah aid route Reuters.comIsraeli troops gain operational control of Gazan side of Rafah Crossing, IDF says Fox News
Nuggets' Jamal Murray fined $100000 after throwing heat pack in Game 2 Star TribuneNuggets' Jamal Murray fined $100K, avoids suspension for toss ESPNJamal Murray not facing suspension, but NBA hands Nuggets star massive fine after throwing heat pack on court CBS SportsJamal Murray fined $100000, not suspended for tossing objects The AthleticFrustrated by officiating in Game 2 loss to Timberwolves, Nuggets’ Michael Malone concedes: “We lost control of our emotions” The Denver Post
Stormy Daniels describes meeting Trump during occasionally graphic testimony in hush money trial The Associated PressTakeaways from Stormy Daniels’ testimony at the Trump hush money trial CNNLaura: The weakness of NY v. Trump was on display with Stormy Daniels' testimony Fox NewsTrump documents trial start delayed indefinitely, judge orders Reuters.comStormy Daniels testifies about alleged sexual encounter with Trump The Washington Post
Kim Kardashian Explains Why She Wore Gray Sweater To 2024 Met Gala TODAYWhy Hunter Schafer Is Proof Kim Kardashian's Met Gala Sweater Was Not a Wardrobe Malfunction E! NEWSKardashians and Jenners at Met Gala: See Kim, Kylie, Kendall and Kris USA TODAYKim Kardashian Says Breathing Is an 'Art Form' in Met Gala Corset Us WeeklyWhy Were There So Many Corsets on The Met Gala Red Carpet? Harper's BAZAAR
US probe finds widespread sexual misconduct at FDIC Reuters.comFDIC Investigation Finds Culture Rife With Sexual Harassment, Discrimination The Wall Street JournalToxic culture is the norm at the FDIC, leadership cited in report NPR'To what end?': the murky question of Bill Hwang's motive in Archegos trial Financial Times`Patriarchal, insular': FDIC inquiry finds pervasive sexual harassment POLITICO
Security guard shot outside Drake's Toronto mega-mansion: police CBC NewsDrake house shooting: Security guard critically injured in Toronto CTV News TorontoDrive-by shooting latest incident at Drake's sprawling Bridle Path mansion Toronto SunSecurity guard shot outside Drake's Bridle Path home, rapper not injured: TPS CityNews TorontoSecurity guard at rapper Drake's home hospitalized after shooting outside The Globe and Mail
2024 NHL Mock Draft: Post-draft lottery top 24 Daily FaceoffSharks win NHL Draft Lottery, No. 1 pick NHL.com‘Macklin in Teal’: Hockey fans react to Sharks winning 2024 NHL Draft Lottery Sportsnet.caThe Calgary Flames will draft 9th overall in the 2024 NHL Draft Flames NationThe Montreal Canadiens will select fifth overall in 2024 NHL Draft Habs Eyes on the Prize
Boy Scouts of America changes name to Scouting America in rebrand The Washington PostBoy Scouts of America announces rebrand to ‘Scouting America’ CNNThe Boy Scouts of America will be renamed Scouting America Honolulu Star-AdvertiserBoy Scouts of America making this big change to be more inclusive Fox NewsBoy Scouts Of America Changing Name For 1st Time In 114-Year History HuffPost
Severe Storms Move Through the Midwest After Tornado Kills 1 The New York TimesBarnsdall and Bartlesville hit hard by Oklahoma tornadoes KOCO Oklahoma CityBarnsdall, Oklahoma, takes direct hit from tornado Tulsa WorldOklahoma, Iowa Towns Dealt Second Tornado Blows - Videos from The Weather Channel The Weather ChannelMissouri, Kansas, Arkansas and Oklahoma assess damage following severe storms and tornados KSNF/KODE - FourStatesHomepage.com
18-year-old charged with 1st-degree murder of teen's stabbing death CBC.caNepean stabbing: Murder charge laid in teen's death CTV News OttawaStabbing suspect now charged with first-degree murder Ottawa CitizenOttawa high school student dies after stabbing in Nepean CityNews OttawaHomicide Investigation – Stabbing Suspect now charged with murder Ottawa Police Service
India's envoy to Canada scheduled to speak on bilateral ties after RCMP arrests CP24Hardeep Singh Nijjar death: Impact on India-Canada ties CTV NewsProtests as men accused of Sikh activist's murder appear in court CBC.caIndian envoy: ‘national security threats’ coming from Canada a ‘red line’ Global NewsIndian High Commissioner's “big red line” CityNews Montreal
TikTok, ByteDance sue to block US law seeking sale or ban of app ReutersTikTok owner ByteDance files lawsuit against US law forcing app’s sale Al Jazeera EnglishTikTok sues U.S. government, saying potential ban violates First Amendment NBC NewsTikTok sues to block US law requiring sale to non-Chinese company Fox BusinessTikTok sues US to block law that could ban the social media platform, AP Explains Yahoo! Voices
Effective immediately, it's illegal to consume hard drugs in public in B.C. Vancouver SunOttawa approves B.C.'s request to recriminalize use of illicit drugs in public spaces CBC NewsB.C.'s request to make public drug use illegal again approved by federal government National PostCanada to recriminalize illicit drugs in B.C. CTV NewsOttawa approves B.C. request to recriminalize public possession of illicit drugs The Globe and Mail
Some colleges that had been permissive of pro-Palestinian protests begin taking a tougher stance The Associated PressPro-Palestinian Protests on U.S. College Campuses: Latest News Updates The New York TimesPolice clear University of Chicago encampments Fox NewsOpinion | Why I Ended the University of Chicago Protest Encampment The Wall Street JournalCampus police broke down a University of Chicago encampment on Tuesday morning as pro-Palestinian college protests continue nationwide. WLS-TV
Olive oil use associated with lower risk of dying from dementia The Washington PostDementia Mortality Tied to Olive Oil Consumption Medpage TodayOlive oil could help reduce risk of dying from dementia, Harvard study says UPI NewsDementia: How daily doses of olive oil can help lower mortality risk Medical News TodayHigh Olive Oil Intake Linked to Lower Dementia-Related Death Medscape
House Republicans turn to K-12 schools after months of rattling colleges on antisemitism - POLITICO POLITICOIn Berkeley Public Schools, a War Gives Rise to Unusual Tensions The New York TimesAntisemitism is a "vile scourge that cannot stand in our public schools," NYC schools chancellor says CBS New YorkFederal investigation opened on Berkeley schools over anti-Semitism KRON4Rooting antisemitism out of K-12 schools requires proven, bipartisan solutions The Hill
Skibicki trial: What is a 'not criminally responsible' defence? CTV NewsWinnipeg man now admits to killing 4 women CBC.caTimeline of slayings of four women in Winnipeg, demands to search a landfill for remains The Globe and MailCamp Morgan Firekeeper criticizes defence’s approach in Skibicki trial in Winnipeg CityNews WinnipegWinnipeg man admits to killing 4 women, but claiming not criminally responsible CP24
Rainstorm ‘not enough’ to pull Alberta out of drought, expert says Global NewsNearly a month's worth of rain washes over parts of the Prairies this week The Weather NetworkRainfall warning issued for Red Deer Red Deer AdvocateSome Alberta farmers might get a perfect storm, but the downpour's not good news for all CBC.caMore rain needed to improve Alberta's wildfire outlook CTV News Edmonton
Xi begins Serbia visit on the 25th anniversary of NATO's bombing of the Chinese Embassy The Associated PressChina's Xi gets red-carpet welcome in Serbia Yahoo! VoicesOn European Tour, Xi Jinping Heads to Friendly Territory in the East The New York TimesChina's Xi Jinping visits Serbia on anniversary of 1999 NATO bombing Reuters.comSerbia prepares warm welcome for 'steel friend' Xi Jinping South China Morning Post
Paris Saint-Germain 0 Borussia Dortmund 1 – Crucial Hummels, PSG’s attacking struggles The AthleticBorussia Dortmund 1-0 Paris Saint-Germain (May 7, 2024) Game Analysis ESPNBorussia Dortmund brutally mock PSG on social media as they reference post by French club from four years ago, Daily MailFootball news live: Premier League latest updates, reaction and more The AthleticBorussia Dortmund 1, PSG 0: Highlights as German giants advance to Champions League final CBS Sports
Can Drake Recover After His Battle With Kendrick Lamar? BillboardThe Kendrick Lamar/Drake beef escalated. Here's what happened. - The Washington Post The Washington PostKendrick Lamar's Diss Tracks Are Beating Drake on the Charts VultureDissecting the Genius Strategy of Kendrick Lamar’s “Not Like Us” The RingerStop Using Women as Pawns in Rap Beefs Like Drake and Kendrick Lamar's Rolling Stone
Google offering solid trade-in values towards Pixel 8a for previous A-Series phones 9to5GoogleGoogle Pixel 8a: Features, specs, price The Keyword | Google Product and Technology NewsGoogle's Pixel 8A is a midrange phone that might actually go the distance The VergeGoogle debuts $499 Pixel 8a as it pushes generative AI to more consumers Yahoo FinanceGoogle's Pixel 8A Arrives With a Bigger Dose of AI CNET
Pro-Palestinian encampment begins at U of Manitoba with list of demands for university CBC.caLegault shouldn't be telling police what to do with McGill encampment, opposition parties say CTV News MontrealUBC president addresses Gaza encampment demands Global NewsPro-Palestinian encampment in Montreal welcomes community donations CityNews MontrealUBC president says endowment fund doesn't directly own stocks targeted by protesters Vancouver Sun
Opinion | At the Met Gala, Celebrities Are Nearly Nude. Are We Not Aroused? The New York TimesMet Gala 2024 red carpet recap: from Zendaya’s second dress to protests The Washington PostLana Del Rey stuns as ethereal forest nymph in custom Alexander McQueen at Met Gala USA TODAYThese celebrities understood the MET Gala theme CTV News London
Drake’s security guard shot in drive-by days after Kendrick Lamar doxxed rapper’s mansion in diss track cover The IndependentDrake’s Security Guard Shot Outside Rapper’s Toronto Home Amid Kendrick Lamar Beef Hollywood ReporterShooting at Drake’s home amid rapper feud news.com.auSecurity guard shot outside Drake's Toronto mega-mansion: police CBC NewsPolice investigating shooting of security guard outside Drake's Toronto home WTAE Pittsburgh
Here's what Apple announced at its iPad-focused ‘Let loose’ event 9to5MacApple introduces M4 chip Apple2024 iPad Air vs. 2024 iPad Pro: spec comparison The VergeApple's New iPad Pro vs. New iPad Air vs. iPad: Why Are There So Many? The Wall Street JournalApple unveils new iPad Pro with ‘outrageously powerful’ AI-powered chip CNN
Disney stock falls as company attempts to make streaming business profitable Yahoo FinanceDisney just had its worst day in a year and a half CNNDisney Turns a Corner in Streaming, but Market Is Unimpressed The InformationDisney's Kingdom Loses Some Post-Covid Magic The Wall Street JournalThe streaming future Disney promised is finally here as cable TV decays CNBC
'The goal is to destroy Gaza': Why Israel rejects a ceasefire with Hamas Al Jazeera EnglishUS believes Hamas, Israel can break Gaza ceasefire impasse; Israeli forces cut Rafah aid route Reuters.comIsrael's war on Gaza updates: Full Rafah attack a 'humanitarian nightmare' Al Jazeera EnglishJoe Biden’s ‘red line’ is an invasion of Rafah. So what happens if Israel attacks? The Guardian USIsrael's military operation in Rafah 'completely unacceptable,' Joly says The Globe and Mail
Apple's biggest announcements from its iPad event: brighter screen, faster chips and the Pencil Pro Western WheelApple's iPad Event Reveals Surprising Upgrades: M4 Chip Steals the Show CNET2024 iPad Air vs. 2024 iPad Pro: spec comparison The VergeApple introduces M4 chip AppleApple unveils new iPad Pro with 'outrageously powerful' AI-powered chip CTV News
New Starbucks summer menu includes Summer-Berry Refreshers with raspberry pearls Good Morning AmericaHow Starbucks made a splash with its new (and blue!) summer drink with popping pearls Starbucks StoriesNew Starbucks drinks have boba-like pearls: 'It pops in your mouth' USA TODAYSummer's On at Starbucks with New Summer-Berry Starbucks Refreshers® Beverages Starbucks CanadaStarbucks Released Their Twist on Boba Called Raspberry Pearls — and We Tried Them PEOPLE
2 Ukrainians detained for allegedly plotting Zelenskyy assassination with Russia, Ukraine says ABC NewsUkraine arrests two officials for treason over alleged Russian plot to kill Zelensky CNNZelensky Assassination Plot: Ukraine Thwarts Alleged Russia-Backed Attempt Foreign PolicyUkraine Says It Foiled Russian Plot to Assassinate Zelensky The Wall Street JournalUkraine arrests 2 rogue colonels over secret plot to murder Zelenskyy, Kyiv says POLITICO Europe
Biden warns of a 'ferocious' surge in antisemitism in the U.S. and across the globe POLITICOBiden says antisemitism has no place in America in somber speech connecting the Holocaust to Hamas’ attack on Israel CNNBiden marks Holocaust Remembrance Day with speech on antisemitism CBS NewsIsrael-Hamas war day 214: What's going on in Gaza? The Jerusalem PostDemocratic lawmakers demand Biden condemn left-wing of his party Fox News
Judge rejects Trump lawyer's mistrial request over Stormy Daniels testimony CBC NewsTrump documents trial start delayed indefinitely, judge orders Reuters.comDay 13 of Trump New York hush money trial CNNDonald Trump and Stormy Daniels face off on tense day in court BBC.comStormy Daniels testifies about alleged sexual encounter with Trump The Washington Post
CTV Winnipeg: 'A big concern for us': Virologist on danger of avian flu outbreak coming to Canadian cattle UM TodayAvian flu outbreak: Virologist weighs in on risk in Canada | CTV News CTV News WinnipegWhat H5N1 in US Dairy Says about the State of Public Health TheTyee.caChristopher Labos: Bird flu has spread to dairy cows. Is our milk safe? Montreal GazetteDairy Farmer Doesn't Foresee Local Impacts from US Avian Flu Outbreak VOCM
Tom Holland shares approval of Zendaya’s Met Gala looks HOLA! USAMet Gala 2024 Red Carpet Looks: See Every Celebrity Outfit and Dress from Last Night VogueZendaya stunned not once, but twice, at this year’s Met Gala CNNZendaya Wore a Surprise Third Outfit to the 2024 Met Gala—and It's Glorious Harper's BAZAARTom Holland Gushes Over Girlfriend Zendaya's Met Gala Looks with an Instagram Post — See His Sweet Reaction! PEOPLE
City council repeals Calgary’s single-use bylaw after public pushback Global NewsCalgary's single-use item bylaw repealed CTV News CalgaryBraid: Council kills the bag bylaw but don't worry, they'll just do another one Calgary HeraldCalgary city council dumps bylaw charging consumers for shopping bags The Globe and MailCalgary's single-use items bylaw repealed, businesses no longer required to charge bag fee CBC.ca
Largest study of its kind to investigate why Black women are more likely to die from most types of cancer CNNPress Releases American Cancer Society Press RoomMajor study of cancer in Black women launches in 20 states NBC NewsLargest-Ever Study Will Look At Cancer In High-Risk Demographic: Black Women Forbes30-year study will probe cancer disparities in Black women Axios
‘Sustainable calm’ proposal splits Israel and Hamas BBC.comIsrael-Hamas war: Hamas accepts Egyptian-Qatari cease-fire proposal The Associated PressHamas's Offer to Hand Over 33 Hostages Includes Some Who Are Dead The New York TimesNYT: Mediators 'frustrated' by Hamas's rejection of deal terms it proposed in March The Times of IsraelText of the Gaza ceasefire proposal approved by Hamas Al Jazeera English
Indiana Primary Election 2024 FOX 59 IndianapolisMike Braun wins GOP nomination in race for governor of Indiana Fox NewsIndiana Primary Election Results 2024 The New York TimesMike Braun wins Indiana Republican gubernatorial primary AxiosThe Indiana governor's race has nothing to do with state politics at all - POLITICO POLITICO
Polievre calls corporate lobbyists useless but he still meets them National PostBad government policy on capital gains leads to more distrust, more departures Financial PostHow much is capital gains tax in Canada?—and other reader questions answered MoneySenseThere's room for good financial planning - and for error - before the June 25 capital-gains tax change The Globe and MailInvestors will invest — capital gains tinker or not. Just ask Warren Buffett Toronto Star
NASA simulations show what it would be like to fall in black hole: Video USA TODAYNASA Video Shows What Would Happen if You Fell Into a Black Hole NewsweekNew black hole visualization takes viewers beyond the brink Phys.orgTake a look inside a black hole with this new NASA video QuartzNASA's Stunning New Simulation Sends You Diving Into a Black Hole ScienceAlert
2024 NFL strength of schedule for all 32 teams: Browns, Ravens among hardest; Falcons, Saints have it easiest CBS SportsAFC North teams face toughest strength of schedule in 2024 NFL season; NFC South has easiest slate NFL.com2024 NFL schedule 'expected' release date and time announced Pride Of DetroitPredicting which Seahawks regular season games could end up on primetime Field Gulls2024 NFL Schedule: Release Date, Team-by-Team Opponents and More Bleacher Report
Your Google Pixel Phone's May Update Arrived Droid LifeAndroid 14 May security patch rolling out: What's fixed for Pixel 9to5GoogleGoogle brings May update to Pixel phones with bug fixes Android CentralPixel Watch starts receiving May 2024 update, Pixel phones still in queue Android AuthorityGoogle Pixel Watch May 2024 update is now rolling out PhoneArena
Oil prices have shed previous 'geopolitical risk premium': Nuttall BNN BloombergOil Confined to Tight Range With Mideast and Stockpiles in Focus Yahoo Canada FinanceOil Prices Under Pressure Despite Israel Sending Troops Into Rafah OilPrice.comOil settles lower on signs of easing supply tightness The Globe and MailOil's Slump Extends With Prices Touching the Lowest Since March Financial Post
Columbia University cancels main graduation amid protests BBC.comSome colleges that had been permissive of pro-Palestinian protests begin taking a tougher stance The Associated PressVideo: Students express disappointment as Columbia axes main commencement The Globe and MailColumbia University student shares account of police raids on campus ABC NewsColumbia seniors, parents say canceling commencement is a 'demoralizing' end NBC News
Jaylen Brown could be key to corralling Donovan Mitchell, Cavs NBC Sports Boston2024 NBA playoffs: Biggest factors that will decide Thunder-Mavericks, Celtics-Cavaliers Round 2 series ESPNCleveland Cavaliers (0-0) at Boston Celtics (0-0) Eastern Conference Semifinals Game #1 5/7/24 Celtics BlogNBA News & Fantasy Basketball Notes 5/7 Underdog NetworkCavaliers at Celtics Game 1 preview: Game time, stats leaders, and news The Boston Globe
China has launched a secret robot to the far side of the moon, new Chang'e 6 photos reveal Livescience.comThe lunar far side is wildly different from what we see. Scientists want to know why CNNChina's Chang'e-6 is carrying a surprise rover to the moon SpaceNewsGeologists reveal mysterious and diverse volcanism in lunar Apollo Basin, Chang'e-6 landing site Phys.orgVideo: China’s Chang’e-6 Far Side of the Moon Launch The New York Times
To find masked mob members who attacked UCLA camp, police using Jan. 6 tactics Los Angeles TimesFacial recognition tech to be likely used to identify attackers at UCLA, ex-LAPD captain says NBC Los AngelesUCLA police reviewing footage of attack on protesters' encampment; Gascón, FBI contacted for help KABC-TVPolice let violent mobs attack UCLA students. This is what lawlessness looks like The Guardian USUCLA launches investigation in violent clash during campus protest Yahoo! Voices
MoD data breach: State involvement cannot be ruled out in armed forces hack, says Grant Shapps BBC.comChina hacked Ministry of Defence, Sky News learns Sky NewsChina Suspected in Major NATO Member's Defense Hack NewsweekU.K. Armed Forces' Data Is Exposed in Hostile Cyberattack The New York TimesUK probes 'potential failings' at military contractor over suspected China hack Financial Times
Travis Green officially named Senators new head coach Ottawa CitizenGreen hired as Senators coach, replaces Martin NHL.comTravis Green lands Sens coaching job, Rick Bowness retires, and more: Around the League Canucks ArmySenators name Travis Green as head coach CBC.caOttawa Senators hire Travis Green to be next head coach Sportsnet.ca
Panera says it's phasing out its controversial Charged Lemonade nationwide NBC NewsPanera is dropping Charged Lemonade, the subject of multiple wrongful death lawsuits CNNPanera 'Charged' Lemonades, Other Drinks Discontinued After Health Lawsuits BloombergPanera to drop its high-caffeine Charged Lemonade amid lawsuits The Washington PostPanera to Discontinue 'Charged Sips' Drinks at Center of Lawsuits The Wall Street Journal
Boeing under investigation after workers falsified inspection records on some Dreamliners CBC.caExplainer-The latest investigation into the Boeing 787 Yahoo Canada FinanceBoeing faces new US investigation into ‘missed’ 787 inspections The GuardianBoeing says workers skipped required tests on 787 but recorded work as completed Ars TechnicaFAA Is Investigating Boeing Over 787 Dreamliner Inspections The New York Times
Google Updates $499 Low-End Pixel Phone, Cuts Tablet Price BNN BloombergGoogle Pixel 8a: Features, specs, price The Keyword | Google Product and Technology NewsGoogle's Pixel 8A Arrives With a Bigger Dose of AI CNETGoogle debuts $499 Pixel 8a as it pushes generative AI to more consumers Yahoo FinanceGet a $140 Google Store credit if you buy the Pixel 8a before May 19 MobileSyrup
Putin begins new six-year term as president, with more power over Russia than ever PBS NewsHour'Tsar' Putin tells the West: Russia will talk only on equal terms Reuters.comPutin's big day, Swiss guards and garbage-eating pigs: photos of the day – Tuesday The Guardian‘Together we will win’: Putin sworn in as Russia’s president Al Jazeera English5 things to know about Putin's inauguration – POLITICO POLITICO Europe
6 Canadian children stuck in Syrian detention camp have now been returned to Canada CBC NewsUS repatriates 11 Americans and six Canadian children from Syria BBC.comCanada repatriates 6 children of woman deemed security risk from ISIS camp Global NewsSix Canadian children repatriated from detention in Syria, Global Affairs Canada says CTV NewsUS repatriates two dozen westerners from Islamic State camp in Syria The Guardian US
Russia warns of nuclear weapon drills to ‘cool down’ West. Is it bluffing? Global NewsRussia Rattles Nukes As French President Mulls Sending Troops To Kyiv ForbesBelarus launches nuclear drills a day after Russia announces them amid tensions with West CTV NewsRussia says it plans to hold tactical nuclear weapon drills CBC NewsWhat are tactical nuclear weapons and why did Russia order drills? CityNews Kitchener
Data Sciences – Top 400 Open Datasets – Data Visualization – Data Analytics – Big Data – Data Lakes
Data science is an interdisciplinary field that uses scientific methods, processes, algorithms and systems to extract knowledge and insights from structured and unstructured data, and apply knowledge and actionable insights from data across a broad range of application domains.
A dataset is a collection of data, usually presented in tabular form. Good datasets for Data Science and Machine Learning are typically those that are well-structured (easy to read and understand) and large enough to provide enough data points to train a model. The best datasets are often those that are open and freely available – such as the popular Iris dataset. However, there are also many commercial datasets available for purchase. In general, good datasets for Data Science and Machine Learning should be:
Well-structured
Large enough to provide enough data points
Open and freely available whenever possible
In this blog, we are going to provide popular open source and public data sets, data visualization, data analytics and data lakes.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
Fertility rates all over the world are steadily declining
Yes, fertility rates have been declining globally in recent decades. There are several factors that contribute to this trend, including increased access to education and employment opportunities for women, improved access to family planning and birth control, and changes in societal attitudes towards having children. However, the rate of decline varies significantly by country and region, with some countries experiencing more dramatic declines than others.
The most Daily Wikipedia Page Views in 2022
How Americans Spend Their Money by Generation
Largest countries in the world (by area size)
The Highest Grossing Movies Of All Time
We are still living mostly on gas, oil & coal – Global primary energy consumption by source (TWh)
Consumption vs production based CO2 emissions by country
Largest banks in the world by total assets
Inflation rate and nominal interest rate
Police Killings per Capita v Homicide Rate per Capita for Select OECD Countries
11 developing countries with higher life expectancy than the United States
Healthcare expenditure per capita vs life expectancy years
1.2% of adults own 47.8% of world’s wealth
How to Mathematically Win at Rock Paper Scissors
Researchers from IBM, MIT and Harvard Announced The Release Of DARPA “Common Sense AI” Dataset Along With Two Machine Learning Models At ICML 2021
Building machines that can make decisions based on common sense is no easy feat. A machine must be able to do more than merely find patterns in data; it also needs a way of interpreting the intentions and beliefs behind people’s choices.
At the 2021 International Conference on Machine Learning (ICML), Researchers from IBM, MIT, and Harvard University have come together to release a DARPA “Common Sense AI” dataset for benchmarking AI intuition. They are also releasing two machine learning models that represent different approaches to the problem that relies on testing techniques psychologists use to study infants’ behavior to accelerate the development of AI exhibiting common sense.
Researchers from IBM, MIT and Harvard Announced The Release Of DARPA “Common Sense AI” Dataset Along With Two Machine Learning Models At ICML 2021
Building machines that can make decisions based on common sense is no easy feat. A machine must be able to do more than merely find patterns in data; it also needs a way of interpreting the intentions and beliefs behind people’s choices.
At the 2021 International Conference on Machine Learning (ICML), Researchers from IBM, MIT, and Harvard University have come together to release a DARPA “Common Sense AI” dataset for benchmarking AI intuition. They are also releasing two machine learning models that represent different approaches to the problem that relies on testing techniques psychologists use to study infants’ behavior to accelerate the development of AI exhibiting common sense.
The University of Chicago Project on Security and Threats presents the updated and expanded Database on Suicide Attacks (DSAT), which now links to Uppsala Conflict Data Program data on armed conflicts and includes a new dataset measuring the alliance and rivalry relationships among militant groups with connections to suicide attack groups. Access it here.
The HRRR is a NOAA real-time 3-km resolution, hourly updated, cloud-resolving, convection-allowing atmospheric model, initialized by 3km grids with 3km radar assimilation. Radar data is assimilated in the HRRR every 15 min over a 1-h period adding further detail to that provided by the hourly data assimilation from the 13km radar-enhanced Rapid Refresh.
When will computers replace humans?
This chart is essentially measuring “How good is a human at a computers’ area of strength”.. meanwhile computers simply can not compete in human areas of strength.
The GDC Data Portal is a robust data-driven platform that allows cancer researchers and bioinformaticians to search and download cancer data for analysis.
The Cancer Genome Atlas (TCGA), a collaboration between the National Cancer Institute (NCI) and National Human Genome Research Institute (NHGRI), aims to generate comprehensive, multi-dimensional maps of the key genomic changes in major types and subtypes of cancer.
The Therapeutically Applicable Research to Generate Effective Treatments (TARGET) program applies a comprehensive genomic approach to determine molecular changes that drive childhood cancers. The goal of the program is to use data to guide the development of effective, less toxic therapies. TARGET is organized into a collaborative network of disease-specific project teams. TARGET projects provide comprehensive molecular characterization to determine the genetic changes that drive the initiation and progression of childhood cancers. The dataset contains open Clinical Supplement, Biospecimen Supplement, RNA-Seq Gene Expression Quantification, miRNA-Seq Isoform Expression Quantification, miRNA-Seq miRNA Expression Quantification data from Genomic Data Commons (GDC), and open data from GDC Legacy Archive. Access it here.
The Genome Aggregation Database (gnomAD) is a resource developed by an international coalition of investigators that aggregates and harmonizes both exome and genome data from a wide range of large-scale human sequencing projects. The summary data provided here are released for the benefit of the wider scientific community without restriction on use. Downloads
Stanford Question Answering Dataset (SQuAD) is a reading comprehension dataset, consisting of questions posed by crowdworkers on a set of Wikipedia articles, where the answer to every question is a segment of text, or span, from the corresponding reading passage, or the question might be unanswerable. Access it here.
The Pubmed Diabetes dataset consists of 19717 scientific publications from PubMed database pertaining to diabetes classified into one of three classes. The citation network consists of 44338 links. Each publication in the dataset is described by a TF/IDF weighted word vector from a dictionary which consists of 500 unique words. The README file in the dataset provides more details.
This dataset contains interactions between drugs and targets collected from DrugBank, KEGG Drug, DCDB, and Matador. It was originally collected by Perlman et al. It contains 315 drugs, 250 targets, 1,306 drug-target interactions, 5 types of drug-drug similarities, and 3 types of target-target similarities. Drug-drug similarities include Chemical-based, Ligand-based, Expression-based, Side-effect-based, and Annotation-based similarities. Target-target similarities include Sequence-based, Protein-protein interaction network-based, and Gene Ontology-based similarities. The original task on the dataset is to predict new interactions between drugs and targets based on different types of similarities in the network. Download link
PharmGKB data and knowledge is available as downloads. It is often critical to check with their curators at feedback@pharmgkb.org before embarking on a large project using these data, to be sure that the files and data they make available are being interpreted correctly. PharmGKB generally does NOT need to be a co-author on such analyses; They just want to make sure that there is a correct understanding of our data before lots of resources are spent.
The dataset contains open RNA-Seq Gene Expression Quantification data and controlled WGS/WXS/RNA-Seq Aligned Reads, WXS Annotated Somatic Mutation, WXS Raw Somatic Mutation, and RNA-Seq Splice Junction Quantification. Documentation
This dataset contains soil infrared spectral data and paired soil property reference measurements for georeferenced soil samples that were collected through the Africa Soil Information Service (AfSIS) project, which lasted from 2009 through 2018. Documentation
DAiSEE is the first multi-label video classification dataset comprising of 9068 video snippets captured from 112 users for recognizing the user affective states of boredom, confusion, engagement, and frustration “in the wild”. The dataset has four levels of labels namely – very low, low, high, and very high for each of the affective states, which are crowd annotated and correlated with a gold standard annotation created using a team of expert psychologists. Download it here.
NatureServe Explorer provides conservation status, taxonomy, distribution, and life history information for more than 95,000 plants and animals in the United States and Canada, and more than 10,000 vegetation communities and ecological systems in the Western Hemisphere.
The data available through NatureServe Explorer represents data managed in the NatureServe Central Databases. These databases are dynamic, being continually enhanced and refined through the input of hundreds of natural heritage program scientists and other collaborators. NatureServe Explorer is updated from these central databases to reflect information from new field surveys, the latest taxonomic treatments and other scientific publications, and new conservation status assessments. Explore Data here
FlightAware.com has data but you need to pay for a full dataset.
The anyflights package supplies a set of functions to generate air travel data (and data packages!) similar to nycflights13. With a user-defined year and airport, the anyflights function will grab data on:
flights: all flights that departed a given airport in a given year and month
weather: hourly meterological data for a given airport in a given year and month
airports: airport names, FAA codes, and locations
airlines: translation between two letter carrier (airline) codes and names
planes: construction information about each plane found in flights
The U.S. Department of Transportation’s (DOT) Bureau of Transportation Statistics (BTS) tracks the on-time performance of domestic flights operated by large air carriers. Summary information on the number of on-time, delayed, canceled and diverted flights appears in DOT’s monthly Air Travel Consumer Report, published about 30 days after the month’s end, as well as in summary tables posted on this website. BTS began collecting details on the causes of flight delays in June 2003. Summary statistics and raw data are made available to the public at the time the Air Travel Consumer Report is released. Access it here
Flightera.net seems to have a lot of good data for free. It has in-depth data on flights and doesn’t seem limited by date. I can’t speak on the validity of the data though.
flightradar24.com has lots of data, also historically, they might be willing to help you get it in a nice format.
Researchers from IBM, MIT and Harvard Announced The Release Of DARPA “Common Sense AI” Dataset Along With Two Machine Learning Models At ICML 2021
Building machines that can make decisions based on common sense is no easy feat. A machine must be able to do more than merely find patterns in data; it also needs a way of interpreting the intentions and beliefs behind people’s choices.
At the 2021 International Conference on Machine Learning (ICML), Researchers from IBM, MIT, and Harvard University have come together to release a DARPA “Common Sense AI” dataset for benchmarking AI intuition. They are also releasing two machine learning models that represent different approaches to the problem that relies on testing techniques psychologists use to study infants’ behavior to accelerate the development of AI exhibiting common sense.
The University of Chicago Project on Security and Threats presents the updated and expanded Database on Suicide Attacks (DSAT), which now links to Uppsala Conflict Data Program data on armed conflicts and includes a new dataset measuring the alliance and rivalry relationships among militant groups with connections to suicide attack groups. Access it here.
The HRRR is a NOAA real-time 3-km resolution, hourly updated, cloud-resolving, convection-allowing atmospheric model, initialized by 3km grids with 3km radar assimilation. Radar data is assimilated in the HRRR every 15 min over a 1-h period adding further detail to that provided by the hourly data assimilation from the 13km radar-enhanced Rapid Refresh.
The GDC Data Portal is a robust data-driven platform that allows cancer researchers and bioinformaticians to search and download cancer data for analysis.
The Cancer Genome Atlas (TCGA), a collaboration between the National Cancer Institute (NCI) and National Human Genome Research Institute (NHGRI), aims to generate comprehensive, multi-dimensional maps of the key genomic changes in major types and subtypes of cancer.
The Therapeutically Applicable Research to Generate Effective Treatments (TARGET) program applies a comprehensive genomic approach to determine molecular changes that drive childhood cancers. The goal of the program is to use data to guide the development of effective, less toxic therapies. TARGET is organized into a collaborative network of disease-specific project teams. TARGET projects provide comprehensive molecular characterization to determine the genetic changes that drive the initiation and progression of childhood cancers. The dataset contains open Clinical Supplement, Biospecimen Supplement, RNA-Seq Gene Expression Quantification, miRNA-Seq Isoform Expression Quantification, miRNA-Seq miRNA Expression Quantification data from Genomic Data Commons (GDC), and open data from GDC Legacy Archive. Access it here.
The Genome Aggregation Database (gnomAD) is a resource developed by an international coalition of investigators that aggregates and harmonizes both exome and genome data from a wide range of large-scale human sequencing projects. The summary data provided here are released for the benefit of the wider scientific community without restriction on use. Downloads
Stanford Question Answering Dataset (SQuAD) is a reading comprehension dataset, consisting of questions posed by crowdworkers on a set of Wikipedia articles, where the answer to every question is a segment of text, or span, from the corresponding reading passage, or the question might be unanswerable. Access it here.
The Pubmed Diabetes dataset consists of 19717 scientific publications from PubMed database pertaining to diabetes classified into one of three classes. The citation network consists of 44338 links. Each publication in the dataset is described by a TF/IDF weighted word vector from a dictionary which consists of 500 unique words. The README file in the dataset provides more details.
This dataset contains interactions between drugs and targets collected from DrugBank, KEGG Drug, DCDB, and Matador. It was originally collected by Perlman et al. It contains 315 drugs, 250 targets, 1,306 drug-target interactions, 5 types of drug-drug similarities, and 3 types of target-target similarities. Drug-drug similarities include Chemical-based, Ligand-based, Expression-based, Side-effect-based, and Annotation-based similarities. Target-target similarities include Sequence-based, Protein-protein interaction network-based, and Gene Ontology-based similarities. The original task on the dataset is to predict new interactions between drugs and targets based on different types of similarities in the network. Download link
PharmGKB data and knowledge is available as downloads. It is often critical to check with their curators at feedback@pharmgkb.org before embarking on a large project using these data, to be sure that the files and data they make available are being interpreted correctly. PharmGKB generally does NOT need to be a co-author on such analyses; They just want to make sure that there is a correct understanding of our data before lots of resources are spent.
The dataset contains open RNA-Seq Gene Expression Quantification data and controlled WGS/WXS/RNA-Seq Aligned Reads, WXS Annotated Somatic Mutation, WXS Raw Somatic Mutation, and RNA-Seq Splice Junction Quantification. Documentation
This dataset contains soil infrared spectral data and paired soil property reference measurements for georeferenced soil samples that were collected through the Africa Soil Information Service (AfSIS) project, which lasted from 2009 through 2018. Documentation
DAiSEE is the first multi-label video classification dataset comprising of 9068 video snippets captured from 112 users for recognizing the user affective states of boredom, confusion, engagement, and frustration “in the wild”. The dataset has four levels of labels namely – very low, low, high, and very high for each of the affective states, which are crowd annotated and correlated with a gold standard annotation created using a team of expert psychologists. Download it here.
NatureServe Explorer provides conservation status, taxonomy, distribution, and life history information for more than 95,000 plants and animals in the United States and Canada, and more than 10,000 vegetation communities and ecological systems in the Western Hemisphere.
The data available through NatureServe Explorer represents data managed in the NatureServe Central Databases. These databases are dynamic, being continually enhanced and refined through the input of hundreds of natural heritage program scientists and other collaborators. NatureServe Explorer is updated from these central databases to reflect information from new field surveys, the latest taxonomic treatments and other scientific publications, and new conservation status assessments. Explore Data here
FlightAware.com has data but you need to pay for a full dataset.
The anyflights package supplies a set of functions to generate air travel data (and data packages!) similar to nycflights13. With a user-defined year and airport, the anyflights function will grab data on:
flights: all flights that departed a given airport in a given year and month
weather: hourly meterological data for a given airport in a given year and month
airports: airport names, FAA codes, and locations
airlines: translation between two letter carrier (airline) codes and names
planes: construction information about each plane found in flights
The U.S. Department of Transportation’s (DOT) Bureau of Transportation Statistics (BTS) tracks the on-time performance of domestic flights operated by large air carriers. Summary information on the number of on-time, delayed, canceled and diverted flights appears in DOT’s monthly Air Travel Consumer Report, published about 30 days after the month’s end, as well as in summary tables posted on this website. BTS began collecting details on the causes of flight delays in June 2003. Summary statistics and raw data are made available to the public at the time the Air Travel Consumer Report is released. Access it here
Flightera.net seems to have a lot of good data for free. It has in-depth data on flights and doesn’t seem limited by date. I can’t speak on the validity of the data though.
flightradar24.com has lots of data, also historically, they might be willing to help you get it in a nice format.
Measurements of the normal (i.e. non-superconducting) state magnetoresistance (change in resistance with magnetic field) in several single crystalline samples of copper-oxide high-temperature superconductors. The measurements were performed predominantly at the High Field Magnet Laboratory (HFML) in Nijmegen, the Netherlands, and the Pulsed Magnetic Field Facility (LNCMI-T) in Toulouse, France. Complete Zip Download
Collection of multimodal raw data captured from a manned all-terrain vehicle in the course of two realistic outdoor search and rescue (SAR) exercises for actual emergency responders conducted in Málaga (Spain) in 2018 and 2019: the UMA-SAR dataset. Full Dataset.
Child mortality numbers caused by malaria by country
Number of deaths of infants, neonatal, and children up to 4 years old caused by malaria by country from 2000 to 2015. Originator: World Health Organization
The dataset will give anyone the opportunity to train and test models of semantic equivalence, based on actual Quora data. 400,000 lines of potential question duplicate pairs. Each line contains IDs for each question in the pair, the full text for each question, and a binary value that indicates whether the line truly contains a duplicate pair. Access it here.
MIMIC Critical Care Database
MIMIC is an openly available dataset developed by the MIT Lab for Computational Physiology, comprising deidentified health data associated with ~60,000 intensive care unit admissions. It includes demographics, vital signs, laboratory tests, medications, and more. Access it here.
Data.Gov: The home of the U.S. Government’s open data
Here you will find data, tools, and resources to conduct research, develop web and mobile applications, design data visualizations, and more. Search over 280000 Datasets.
Art that does not attempt to represent an accurate depiction of a visual reality but instead use shapes, colours, forms and gestural marks to achieve its effect
5000+ classical abstract art here, real artists with annotation. You can download them in very high resolution, however you would have to crawl them first with this scraper.
Interactive map of indigenous people around the world
Native-Land.ca is a website run by the nonprofit organization Native Land Digital. Access it here.
I took the data from IHME’s Global Burden of Disease 2019 study (2019 all-ages prevalence of drug use disorders among both men and women for all countries and territories) and plotted it using R.
Also, what is going on in the US exactly? 3.3% of the population there is addicted and it’s the worst rate in the world.
File POP/1-1: Total population (both sexes combined) by region, subregion and country, annually for 1950-2100 (thousands)Medium fertility variant, 2020 – 2100
Conducted by the Federal Highway Administration (FHWA), the NHTS is the authoritative source on the travel behavior of the American public. It is the only source of national data that allows one to analyze trends in personal and household travel. It includes daily non-commercial travel by all modes, including characteristics of the people traveling, their household, and their vehicles. Access it here.
Statistics and data about the National Travel Survey, based on a household survey to monitor trends in personal travel.
The survey collects information on how, why, when and where people travel as well as factors affecting travel (e.g. car availability and driving license holding).
NeTEx is the official format for public transport data in Norway and is the most complete in terms of available data. GTFS is a downstream format with only a limited subset of the total data, but we generate datasets for it anyway since GTFS can be easier to use and has a wider distribution among international public transport solutions. GTFS sets come in “extended” and “basic” versions. Access here.
A subset of the field data collected on temporary NFI plots can be downloaded in Excel format from this web site. The file includes a Read_me sheet and a sheet with field data from temporary plots on forest land1 collected from 2007 to 2019. Note that plots located on boundaries (for example boundaries between forest stands, or different land use classes) are not included in the dataset. The dataset is primarily intended to be used as reference data and validation data in remote sensing applications. It cannot be used to derive estimates of totals or mean values for a geographic area of any size. Download the dataset here
Large data sets from finance and economics applicable in related fields studying the human condition
CIA: The world Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities.
Consumer Price Index: The Consumer Price Index (CPI) is a measure of the average change over time in the prices paid by urban consumers for a market basket of consumer goods and services. Indexes are available for the U.S. and various geographic areas. Average price data for select utility, automotive fuel, and food items are also available.
International Historical Statistics is a compendium of national and international socio-economic data from 1750 to 2010. Data are available in both Excel and PDF tabular formats. IHS is structured in three broad geographical divisions and ten themes: Africa / Asia / Oceania; The Americas and Europe. The database is structured in ten categories: Population and vital statistics; Labour force; Agriculture; Industry; External trade; Transport and communications; Finance; Commodity prices; Education and National accounts. Access here
World Input-Output Tables and underlying data. World Input-Output Tables and underlying data, covering 43 countries, and a model for the rest of the world for the period 2000-2014. Data for 56 sectors are classified according to the International Standard Industrial Classification revision 4 (ISIC Rev. 4).
Data: Real and PPP-adjusted GDP in US millions of dollars, national accounts (household consumption, investment, government consumption, exports and imports), exchange rates and population figures.
COW seeks to facilitate the collection, dissemination, and use of accurate and reliable quantitative data in international relations. Key principles of the project include a commitment to standard scientific principles of replication, data reliability, documentation, review, and the transparency of data collection procedures
Data: Total national trade and bilateral trade flows between states. Total imports and exports of each country in current US millions of dollars and bilateral flows in current US millions of dollars
Geographical coverage: Single countries around the world
The WTO provides quantitative information in relation to economic and trade policy issues. Its data-bases and publications provide access to data on trade flows, tariffs, non-tariff measures (NTMs) and trade in value added.
The Subaru-Mitaka-Okayama-Kiso Archive, holds about 15 TB of astronomical data from facilities run by the National Astronomical Observatory of Japan. All data becomes publicly available after an embargo period of 12-24 months (to give the original observers time to publish their papers).
Graph Datasets
Web crawl graph with 3.5 billion web pages and 128 billion hyperlinks
Many web and social graphs with up to 95 billion edges. While this data collection seems to be very comprehensive, it is not trivially accessible without external tool.
The Multi-Domain Sentiment Dataset contains product reviews taken from Amazon.com from many product types (domains). Some domains (books and dvds) have hundreds of thousands of reviews. Others (musical instruments) have only a few hundred. Reviews contain star ratings (1 to 5 stars) that can be converted into binary labels if needed. Access it here.
Supported by Google Jigsaw, the GDELT Project monitors the world’s broadcast, print, and web news from nearly every corner of every country in over 100 languages and identifies the people, locations, organizations, themes, sources, emotions, counts, quotes, images and events driving our global society every second of every day, creating a free open platform for computing on the entire world.
This dataset represents a snapshot of the Yahoo! Music community’s preferences for various musical artists. The dataset contains over ten million ratings of musical artists given by Yahoo! Music users over the course of a one month period sometime prior to March 2004. Users are represented as meaningless anonymous numbers so that no identifying information is revealed. The dataset may be used by researchers to validate recommender systems or collaborative filtering algorithms. The dataset may serve as a testbed for matrix and graph algorithms including PCA and clustering algorithms. The size of this dataset is 423 MB.
This dataset contains a small sample of the Yahoo! Movies community’s preferences for various movies, rated on a scale from A+ to F. Users are represented as meaningless anonymous numbers so that no identifying information is revealed. The dataset also contains a large amount of descriptive information about many movies released prior to November 2003, including cast, crew, synopsis, genre, average ratings, awards, etc. The dataset may be used by researchers to validate recommender systems or collaborative filtering algorithms, including hybrid content and collaborative filtering algorithms. The dataset may serve as a testbed for relational learning and data mining algorithms as well as matrix and graph algorithms including PCA and clustering algorithms. The size of this dataset is 23 MB.
The dataset is a collection of 964 hours (22K videos) of news broadcast videos that appeared on Yahoo news website’s properties, e.g., World News, US News, Sports, Finance, and a mobile application during August 2017. The videos were either part of an article or displayed standalone in a news property. Many of the videos served in this platform lack important metadata, such as an exhaustive list of topics associated with the video. We label each of the videos in the dataset using a collection of 336 tags based on a news taxonomy designed by in-house editors. In the taxonomy, the closer the tag is to the root, the more generic (topically) it is.
The Internet Archive is making an 80 TB web crawl available for research
The TREC conference made the ClueWeb09 [3] dataset available a few years back. You’ll have to sign an agreement and pay a nontrivial fee (up to $610) to cover the sneakernet data transfer. The data is about 5 TB compressed.
ClueWeb12 is now available, as are the Freebase annotations, FACC1
CNetS at Indiana University makes a 2.5 TB click dataset available
ICWSM made a large corpus of blog posts available for their 2011 conference. You’ll have to register (an actual form, not an online form), but it’s free. It’s about 2.1 TB compressed. The dataset consists of over 386 million blog posts, news articles, classifieds, forum posts and social media content between January 13th and February 14th. It spans events such as the Tunisian revolution and the Egyptian protests (see http://en.wikipedia.org/wiki/January_2011 for a more detailed list of events spanning the dataset’s time period). Access it here
The Yahoo News Feed dataset is 1.5 TB compressed, 13.5 TB uncompressed
The Proteome Commons makes several large datasets available. The largest, the Personal Genome Project , is 1.1 TB in size. There are several others over 100 GB in size.
The MOBIO dataset is about 135 GB of video and audio data
The Yahoo! Webscope program makes several 1 GB+ datasets available to academic researchers, including an 83 GB data set of Flickr image features and the dataset used for the 2020 KDD Cup , from Yahoo! Music, which is a bit over 1 GB.
Freebase makes regular data dumps available. The largest is their Quad dump , which is about 3.6 GB compressed.
The Research and Innovative Technology Administration (RITA) has made available a dataset about the on-time performance of domestic flights operated by large carriers. The ASA compressed this dataset and makes it available for download.
The wiki-links data made available by Google is about 1.75 GB total.
Google Research released a large 24GB n-gram data set back in 2006 based on processing 10^12 words of text and published counts of all sequences up to 5 words in length.
These data are intended to be used by researchers and other professionals working in power and energy related areas and requiring data for design, development, test, and validation purposes. These data should not be used for commercial purposes.
A dataset and open-ended challenge for music recommendation research ( RecSys Challenge 2018). Sampled from the over 4 billion public playlists on Spotify, this dataset of 1 million playlists consist of over 2 million unique tracks by nearly 300,000 artists, and represents the largest public dataset of music playlists in the world. Access it here
How much each of 20 most popular artists earns from Spotify.
Needless to say, the United States absolutely dominates this list more than any other country. 9 of the top 10 are Americans, you’d have to combine the next 5 countries after the US to match their output of 33 among the top 80, and you’d have to combined every other country not named China on this graph to equal the USA.
To break things down based on region:
– The Americas has 34 individuals on this list with USA (33) and Mexico (1)
– Asia-Pacific has 28 individuals on this list with China (14), India (5), Hong Kong (4), Japan (3), and Australia (2)
– Europe has 18 individuals on this list with France (5), Russia (5), Germany (3), Italy (2), UK (1), Ireland (1), and Spain (1)
The National Health and Nutrition Examination Survey (NHANES) is conducted every two years by the National Center for Health Statistics and funded by the Centers for Disease Control and Prevention. The survey measures obesity rates among people ages 2 and older. Find the latest national data and trends over time, including by age group, sex, and race. Data are available through 2017-2018, with the exception of obesity rates for children by race, which are available through 2015-2016. Access here
NCEI first developed the Global Historical Climatology Network-Monthly (GHCN-M) temperature dataset in the early 1990s. Subsequent iterations include version 2 in 1997, version 3 in May 2011, and version 4 in October 2018.
The Human Development Index (HDI) is a statistic composite index of life expectancy, education (mean years of schooling completed and expected years of schooling upon entering the education system), and per capita income indicators, which are used to rank countries into four tiers of human development.
Numbers like these are a quick reminder that not every athlete is LeBron James or Roger Federer who can play their sport at such high levels for their entire young adulthood while becoming billionaires in the process. Many careers are short lived and end abruptly while the athlete is still very young and some don’t really have a plan B.
NFL being at the bottom here doesn’t surprise me though as most positions (with the exception of QB and kicker) in US Football is lowkey bodily suicide.
The data comes from the Global Power Plant Database. The Global Power Plant Database is a comprehensive, open source database of power plants around the world. It centralizes power plant data to make it easier to navigate, compare and draw insights for one’s own analysis. The database covers approximately 30,000 power plants from 164 countries and includes thermal plants (e.g. coal, gas, oil, nuclear, biomass, waste, geothermal) and renewables (e.g. hydro, wind, solar). Each power plant is geolocated and entries contain information on plant capacity, generation, ownership, and fuel type. It will be continuously updated as data becomes available.
The ImageNet dataset contains 14,197,122 annotated images according to the WordNet hierarchy. Since 2010 the dataset is used in the ImageNet Large Scale Visual Recognition Challenge (ILSVRC), a benchmark in image classification and object detection. The publicly released dataset contains a set of manually annotated training images.
The MNIST database of handwritten digits, available from this page, has a training set of 60,000 examples, and a test set of 10,000 examples. It is a subset of a larger set available from NIST. The digits have been size-normalized and centered in a fixed-size image.
It is a good database for people who want to try learning techniques and pattern recognition methods on real-world data while spending minimal efforts on preprocessing and formatting. Access it here.
MMID is a large-scale, massively multilingual dataset of images paired with the words they represent collected at the University of Pennsylvania. The dataset is doubly parallel: for each language, words are stored parallel to images that represent the word, and parallel to the word’s translation into English (and corresponding images.) . Dcumentation.
HDI is calculated by the UN every year to measure a country’s development using average life expectancy, education level, and gross national income per capita (PPP). The EU has a collective HDI of 0.911.
Data collected from a series of rushing and passing statistics for NFL Quarterbacks from 2015-2020 and performed a machine learning algorithm called clustering, which automatically sorts observations into groups based on shared common characteristics using a mathematical “distance metric.”
The idea was to use machine learning to determine NFL Quarterback Archetype to agnostically determine which quarterbacks were truly “mobile” quarterbacks, and which were “pocket passers” that relied more on passing. I used a number of metrics in my actual clustering analysis, but they can be effectively summarized across two dimensions: passing and rushing, which can be further roughly summarized across two metrics: passer rating and rushing yards per year. Plotting the quarterbacks along these dimensions and plotting the groups chosen by the clustering methodology shows how cleanly the methodology selected the groups.
Read this blog article on the process for more information if you’re interested, or just check out this blog in general if you found this interesting!
Intraday Stock Data (1 min) – S&P 500 – 2008-21: 12 years of 1 minute bars for data science / machine learning.
Granular stock bar data for research is difficult to find and expensive to buy. The author has compiled this library from a variety of sources and is making it available for free.
One compressed CSV file with 9 columns and 2.07 million rows worth of 1 minute SPY bars. Access it here
Datasets: A live version of the vaccination dataset and documentation are available in a public GitHub repository here. These data can be downloaded in CSV and JSON formats. PDF.
Learn how to create, maintain, and contribute to a long-living dataset that will update itself automatically across projects, using git and DVC as versioning systems, and DAGsHub as a host for the datasets.
Courtesy of Google’s Project Sunroof: This dataset essentially describes the rooftop solar potential for different regions, based on Google’s analysis of Google Maps data to find rooftops where solar would work, and aggregate those into region-wide statistics.
It comes in a couple of aggregation flavors – by census tract , where the region name is the census tract id, and by postal code , where the name is the postal code. Each also contains latitude/longitude bounding boxes and averages, so that you can download based on that, and you should be able to do custom larger aggregations using those, if you’d like.
A large dataset aimed at teaching AI to code, it consists of some 14M code samples and about 500M lines of code in more than 55 different programming languages, from modern ones like C++, Java, Python, and Go to legacy languages like COBOL, Pascal, and FORTRAN.
When the whole country is double vaccinated, the value will be 200 doses per 100 population. At the moment the UK is like 85, which is because ~70% of the population has had at least one dose and ~15% of the population (which is a subset of that 70%) have had two. Hence ~30% are currently unprotected – myself included until Sunday.
According to the author of the source data: “For the 1918 Spanish Flu, the data was collected by knowing that the total counts were 500M cases and 50M deaths, and then taking a fraction of that per day based on the area of this graph image:” – the graph is used is here:
Visualización y conjunto de datos de comparación de enfermedades agregadas
Data source: trends.google.com Trending topics from 2010 to 2019 were taken from Google’s annual Year in Search summary 2010-2029
The full, ~11 minute video covering the whole 2010s decade is available here at youtu.be/xm91jBeN4oo
Google Trends provides weekly relative search interest for every search term, along with the interest by state. Using these two datasets for each term, we’re able to calculate the relative search interest for every state for a particular week. Linear interpolation was used to calculate the daily search interest.
From the author: I started with data on roads from naturalearth.com, which also includes some ferry lines. I then calculated the fastest routes (assuming a speed of 90 km/h on roads, and 35 km/h on boat) between each pair of 45 European capitals. The animation visualizes these routes, with brighter lines for roads that are more frequently “traveled”.
In reality these are of course not the most traveled roads, since people don’t go from all capitals to all other capitals in equal measure. But I thought it would be fun to visualize all the possible connections.
The model is also very simple, and does not take into account varying speed limits, road conditions, congestion, border checks and so on. It is just for fun!
In order to keep the file size manageable, the animation only shows every tenth frame.
Is Russia, Turkey or country X really part of Europe? That of course depends on the definition, but it was more fun to include them than to exclude them! The Vatican is however not included since it would just be the same as the Rome routes. And, unfortunately, Nicosia on Cyprus is not included to due an error on my behalf. It should be!
2) This dataset comprises of more than 800 pokemons belonging up to 8 generations.
Using this dataset have been fun for me. I used it to create a mosaic of pokemons taking image as reference. You can find it here and it’s free to use: Couple Mosaic (powered by Pokemons)
Here is the data type information in the file:
Name: Pokemon Name
Type: Type of Pokemon like Grass / Fire / Water etc..,.
ETL pipeline for Facebook’s research project to provide detailed large-scale demographics data. It’s broken down in roughly 30×30 m grid cells and provides info on groups by age and gender.
The GISS Surface Temperature Analysis ver. 4 (GISTEMP v4) is an estimate of global surface temperature change. Graphs and tables are updated around the middle of every month using current data files from NOAA GHCN v4 (meteorological stations) and ERSST v5 (ocean areas), combined as described in our publications Hansen et al. (2010) and Lenssen et al. (2019).
Buying a chocolate bar? There are seemingly hundreds to choose from, but its just the illusion of choice. They pretty much all come from Mars, Nestlé, or Mondelēz (which owns Cadbury).
Criteria for choosing a dictionary: – No proper nouns – “Official” source if available – Inclusion of inflected forms – Among two lists, the largest was fancied – No or very rare abbreviations if possible- but hard to detect in unknown languages and across hundreds of thousands of words.
The author found this dataset in a more accessible format upon searching for the keyword “CDPB” (Carcinogenic Potency Database) in the National Library of Medicine Catalog. Check out this parent website for the data source and dataset description. The dataset referenced in OP’s post concerns liver specific carcinogens, which are marked by the “liv” keyword as described in the dataset description’s Tissue Codes section.
DataSet of Tokyo 2020 (2021) Olympics ( details about the Athletes, the countries they representing, details about events, coaches, genders participating in each event, etc.) [1, 2]
Looking for Wildfires Database for all countries by year and month? The quantity of wildfires happening, the acreage, things like that, etc.. [1, 2, 3, ]
Looking for a pill vs fake pill image dataset [1, 2, 3, 4, 5, 6, 7]
In this project, the authors have designed a spatial model which is able to classify urbanity levels globally and with high granularity. As the target geographic support for our model we selected the quadkey grid in level 15, which has cells of approximately 1x1km at the equator.
The author obtained the data from the UK Government website, so unfortunately don’t know the methodology or how they collected the data etc.
The comparison to the general public is a great idea – according to the Government site, 6% of children, 16% of working-age adults and 45% of Pension-age adults are disabled.
According to the author , this animation depicts adult cognitive skills, as measured by the PIAAC study by OECD. Here, the numeracy and literacy skills have been combined into one. Each frame of the animation shows the xth percentile skill level of each individual country. Thus, you can see which countries have the highest and lowest scores among their bottom performers, median performers, and top performers. So for example, you can see that when the bottom 1st percentile of each country is ranked, Japan is at the top, Russia is second, etc. Looking at the 50th percentile (median) of each country, Japan is top, then Finland, etc.
Programme for the International Assessment of Adult Competencies (PIAAC)is a study by OECD to measure measured literacy, numeracy, and “problem-solving in technology-rich environments” skills for people ages 16 and up. For those of you who are familiar with the school-age children PISA study, this is essentially an adult version of it.
The model was built in Stan and was inspired by Andrew Gelman’s World Cup model shown here. These plots show posterior probabilities that the team on the y axis will score more goals than the team on the x axis. There is some redundancy of information here (because if I know P(England beats Scotland) then I know P(Scotland beats England) )
SEDE (Stack Exchange Data Explorer) is a dataset comprised of 12,023 complex and diverse SQL queries and their natural language titles and descriptions, written by real users of the Stack Exchange Data Explorer out of a natural interaction. These pairs contain a variety of real-world challenges which were rarely reflected so far in any other semantic parsing dataset. Access it here
Each map size is proportional to population, so China takes up about 18-19% of the map space.
Countries with very far-flung territories, such as France (or the USA) will have their maps shrunk to fit all territories. So it is the size of the map rectangle that is proportional to population, not the colored area. Made in R, using data from naturalearthdata.com. Maps drawn with the tmap package, and placed in the image with the gridExtra package. Map colors from the wesanderson package.
Beneath adds some useful features for shared data, like the ability to run SQL queries, sync changes in real-time, a Python integration, and monitoring. The monitoring is really useful as it lets you check out the write activity of the scraper (no surprise, WSB is most active when markets are open
The scraper (which uses Async PRAW) is open source here
The chart shows the average daily gain in $ if $100 were invested at a date on x-axis. Total gain was divided by the number of days between the day of investing and June 13, 2021. Gains were calculated on average 30-day prices.
Time range: from March 28, 2013, till June 13, 2021
Google Playstore dataset is now available with double the data (2.3 Million) android application data and a new attribute stating the scraped date time in Kaggle.
According to the author: Looking at non-suicide firearms deaths by state (2019), and then grouping by the Guns to Carry rating (1-5 stars), it seems that stricter gun laws are correlated with fewer firearms homicides. Guns to Carry rates states based on “Gun friendliness” with 1 star being least friendly (California, for example), and 5 stars being most friendly (Wyoming, for example). The ratings aren’t perfect but they include considerations like: Permit required, Registration, Open carry, and Background checks to come up with a rating.
The numbers at the bottom are the average non-suicide deaths calculated within the rating group. Each bar shows the number for the individual state.
Interesting that DC is through the roof despite having strict laws. On the flip side, Maine is very friendly towards gun owners and has a very low homicide rate, despite having the highest ratio of suicides to homicides.
Obviously, lots of things to consider and this is merely a correlation at a basic level. This is a topic that interested me so I figured I’d share my findings. Not attempting to make a policy statement or anything.
Data for word frequency in econ textbooks was compiled by myself by scraping words from 43 undergraduate economics textbooks. For details see Deconstructing Econospeak.
Data Source: from eMarketer, as quoted byJon Erlichman
Purpose according to the author: raw textual numbers (like in the original tweet) are hard to compare, particularly the acceleration or deceleration of a trend. Did for myself, but maybe is useful to somebody.
A few things to notice: It’s dangerous to be a newborn. The same mortality rates are reached again only in the fifties. However, mortality drops after birth very quickly and the safest age is about ten years old. After experiencing mortality jump in puberty – especially high for boys, mortality increases mostly exponentially with age. Every thirty years of life increase chances of dying about ten times. At 80, chance of dying in a year is about 5.8% for males and 4.3% for females. This mortality difference holds for all ages. The largest disparity is at about twenty three years old when males die at a rate about 2.7 times higher than females.
Check out the FAS site for notes and caveats about their estimates. Governments don’t just print this stuff on their websites. These are evidence-based estimates of tightly-guarded national secrets.
Of particular note – Here’s what the FAS says about North Korea: “After six nuclear tests, including two of 10-20 kilotons and one of more than 150 kilotons, we estimate that North Korea might have produced sufficient fissile material for roughly 40-50 warheads. The number of assembled warheads is unknown, but lower. While we estimate North Korea might have a small number of assembled warheads for medium-range missiles, we have not yet seen evidence that it has developed a functioning warhead that can be delivered at ICBM range.”
The author used several sources for this video and article. The first, for the video, is GitHub Archive & CodersRank. For the analysis of the OSCI index data, the author used opensourceindex.io
2021 is straight projections, must be taken with a grain of salt. However, the assumption of continuous rise of murder rate is not a bad one based on recent news reports, such as: here
This image was generated for my research mapping the privacy research field. The visual is a combination of network visualisation and manual adding of the labels.
The data was gathered from Scopus, a high-quality academic publication database, and the visualisation was created with Gephi. The initial dataset held ~120k publications and over 3 million references, from which we selected only the papers and references in the field.
The labels were assigned by manually identifying clusters and two independent raters assigning names from a random sample of publications, with a 94% match between raters.
This is a randomized experiment the author conducted with 450 people on Amazon MTurk. Each person was randomly assigned to one of three writing activities in which they either (a) described their phone, (b) described what they’d do if they received a call from someone they know, or (c) describe what they’d do if they received a call from an unknown number. Pictures of an iPhone with a corresponding call screen were displayed above the text box (blank, “Incoming Call,” or “Unknown”). Participants then rated their anxiety on a 1-4 scale.
AZ-900: Microsoft Azure Fundamentals – Top 100 Questions and Answers Dumps
Amazon’s AWS and Microsoft’s Azure are the big boys of the cloud computing world, even though AWS is much bigger than Azure.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
Revenue from Microsoft Azure grew 72% from 2018 from $7.56 billion to $13 billion. Azure contributed to almost 10.5% of Microsoft’s total revenue in 2019. It has also been noted that the US defense chose Azure in its tactical operations. The last quarter earnings of 2019 grew by 64%.
The exam is intended for candidates who are just beginning to work with cloud-based solutions and services or are new to Azure. Candidates should be familiar with the general technology concepts, including concepts of networking, storage, compute, application support, and application development. Azure Fundamentals can be used to prepare for other Azure role-based or specialty certifications, but it is not a prerequisite for any of them.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendar, and office tools, such as Microsoft Office 365.
Question 2:You have an on-premises application that processes incoming Simple Message Submission Service (SMSS) queue messages and records the data to a log file. You migrate this application to an Azure function app. What kind of cloud service would this be considered?
Serverless computing is the abstraction of servers, infrastructure, and operating systems. When you build serverless apps, you don’t need to provision and manage any servers, so you don’t have to worry about infrastructure. Serverless computing is driven by the reaction to events and triggers happening in near-real time in the cloud.
A. Spending money on products or services now and being billed for them now. You can deduct this expense from your tax bill in the same year.
B. Spending money on physical infrastructure up front, and then deducting that expense from your tax bill over time.
C. Prices for individual resources and services are provided so you can predict how much you will spend in a given billing period based on your expected usage.
D. The ability to do things more efficiently or at a lower cost per unit when operating at a larger scale.
Answer 3:
D
Notes 3:
Cloud providers such as Microsoft, Google, and Amazon are large businesses that leverage the benefits of economies of scale and then pass the savings on to their customers.
Question 5: Which of the following Azure solutions allows you to geographically cache and distribute high-bandwidth content, such as streaming videos, to users in different parts of the world?
A. Content Delivery Network (CDN)
B. Load Balancer
C. Application Gateway
D. Virtual Network Gateway
Answer 5:
A
Notes 5:
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes around the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs.
Question 6:You are beginning to extend your on-premises data center into Azure. You have created a new Azure subscription and resource group called RG-One. You deploy two virtual machines into RG-One with the intent of promoting these to Active Directory domain controllers. What kind of cloud service would this be considered?
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet. Deploying virtual machines into an Azure subscription would be considered an IaaS service.
Question 7:Select the concept that is defined as ensuring that servers are available if a single data center goes offline.
A. Scalability
B. Fault tolerance
C. Elasticity
D. Agility
Answer 7:
B
Notes 7:
Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of one or more of its components. In Azure, it refers to ensuring that a portion of the production systems are available online (via a failover cluster, available set, or available zone) if a subset of the system components (or an entire data center) goes offline.
Question 8:In regards to comparing Public Cloud and Private Cloud, which of these best describe the characteristics of a Public Cloud?
A. No-upfront costs
B. More control over the security
C. Less reliability
D. Less maintenance
Answer 8:
A and D
Notes 8
The public cloud provides a pay-as-you-go pricing model which can lead to lower costs than those in private cloud solutions where capital expenditures are high.
The public cloud provides agility to provision and de-provision resources quickly with far less maintenance than that of private cloud solutions.
Question 9:Which of the following are considered capital expenditures (CapEx)?
A. Storage area network
B. Cloud-based virtual machine
C. Office 365 licenses
D. Hyper-V host server
Answer 9:
A and D
Notes 9:
Storage costs are typically considered CapEx and include storage hardware components and the cost of supporting them. Depending on the application and level of fault tolerance, centralized storage can be expensive.
Server costs are considered CapEx and include all server hardware components and the cost of supporting them. When purchasing servers, make sure to design for fault tolerance and redundancy (e.g., server clustering, redundant power supplies, and uninterruptible power supplies). When a server needs to be replaced or added to a data center, you need to pay for the computer. This can affect your immediate cash flow because you must pay for the server up front.
Question 10:You are in the process of migrating your existing on-premises SQL databases to Azure. You will migrate them to Azure SQL databases, as opposed to deploying SQL database servers in Azure. What kind of cloud service would this be considered?
A. Software-as-a-Service (SaaS)
B. Platform-as-a-Service (PaaS)
C. Serverless
D. Infrastructure-as-a-Service (IaaS)
Answer 10:
B
Notes 10:
Platform as a service (PaaS) is a complete development and deployment environment in the cloud with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. An Azure SQL instance would be considered a PaaS service.
Question 11: Which of the following statements are true for IaaS cloud services?
A. The client is responsible for purchasing all Operating System (OS) host licensing.
B. Services can be scaled automatically to support system load.
C. The client has complete control over the host operating system.
D. The client is responsible for all guest OS and application updates.
Answer 11:
B and D
Notes 11:
IaaS host services are scaled automatically to combat increased system load and scaled back during periods of inactivity.
The cloud service provider performs all underlying hardware, OS, and middleware updates. The client performs all guest OS and application updates.
Question 12: Which of the following tools can be used to manage Azure resources on a Google Chromebook?
A. Azure portal
B. PowerShell
C. Azure Cloud Shell
D. Azure CLI
Answer 12:
A and C
Notes 12:
You can run the Azure portal on all modern desktop, tablet devices, and browsers.
Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
Question 13:Which Azure service can provide big data analysis for machine learning?
A. Azure App Service
B. Azure WebJobs
C. Application Insights
D. Azure Databricks
Answer 13:
D
Notes 13:
Azure Databricks is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. Databricks enables collaboration between data scientists, data engineers, and business analysts.
Question 14:You need to create an Azure storage solution that will store messages created by an Azure web role. The messages will then be processed by an Azure worker role. What type of storage solution should you create?
A. A Queue service in a storage account
B. A virtual machine data disk
C. A File service in a storage account
D. A Blob service in a storage account
Answer 14:
A
Notes 14:
Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world via authenticated calls using HTTP or HTTPS.
Question 15:You have an on-premises application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure. You need to recommend a computing solution for the application that should minimize costs by incurring charges only when it is executed.
Which Azure solution is best for this type of application?
A. Logic App
B. A web app
C. Service Bus App
D. IaaS web server in Azure
Answer 15:
A
Notes 15:
Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on-premises, or both.
For example, here are just a few workloads you can automate with logic apps:Process and route orders across on-premises systems and cloud services.
Send email notifications with Office 365 when events happen in various systems, apps, and services.
Move uploaded files from an SFTP or FTP server to Azure Storage.
Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.
For new logic apps that run in the public or “global” Azure Logic Apps service, you pay only for what you use. These logic apps use a consumption-based plan and pricing model.
Question 16: You are the Systems Administrator for a local university. You are deploying several sets of systems that will be used for research and development teams. Each set of systems will be uniform in nature, containing the same number and type of Azure resources.
What should you recommend to automate the creation of these Azure resources?
A. Azure Resource Manager templates
B. Multiple Azure subscriptions
C. Management groups
D. Virtual machine scale sets
Answer 16:
A
Notes 16:
An Azure Resource Manager template is the framework by which resources are created. They can be used to define and automate the creation of similar resources.
Question 17:You are deploying a pair of Azure virtual machines. You want to ensure that the application will remain available in the event of a complete data center failure. What Azure technology will help most in this task?
A. Locally redundant storage
B. Zone Redundant Storage
C. Availability zone
D. Availability set
Answer 17:
C
Notes 17:
An Availability zone consists of two or more virtual machines in different physical locations within an Azure region. This configuration ensures that only a subset of the virtual machines in an availability zone will be affected in the event of hardware failure, OS update, or a complete data center outage. This configuration offers 99.99% SLA.
Question 18: Which of the following database solutions has the ability to add data concurrently from multiple regions simultaneously?
A. SQL managed instances
B. Cosmos DB
C. SQL Data Warehouses
D. Azure SQL Databases
Answer 18:
B
Notes 18:
Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service. Cosmos DB elastically and independently scales throughput and storage across any number of Azure regions worldwide.
Question 19: Which Azure service can host your web apps without you having to manage underlying infrastructure?
A. Azure App Service
B. Azure WebJobs
C. Azure Databricks
D. Application Insights
Answer 19:
A
Notes 19:
Azure App Service enables you to build and host web apps, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure.
Question 20: Which of the following components can be used to load balance traffic to web applications, such as Azure App Service web apps using layer 7 of the OSI model?
A. Virtual Network
B. Virtual Network Gateway
C. Route table
D. Load Balancer
E. Application Gateway
Answer 20:
E
Notes 20:
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 — TCP and UDP) and route traffic based on source IP address and port to a destination IP address and port.
Question 21: Which Azure service can help you collect, analyze, and act on telemetry from your cloud and on-premises environments?
A. Azure App Service
B. Azure Monitor
C. Azure Analyzer
D. Azure WebJobs
Answer 21:
B
Notes 21:
Azure Monitor is a service that can help you understand how your applications are performing and proactively identify issues affecting them and the resources they depend on.
Question 23: Which Azure service should you use to correlate metrics and logs from multiple resources into a centralized repository? A. Azure Event Grid
B. Azure Event Hubs
C. Azure SQL Data Warehouse
D. Azure Monitor
Answer 23:
D
Notes 23:
Log data collected by Azure Monitor (formerly Azure Log Analytics) is stored in a Log Analytics workspace, which is based on Azure Data Explorer. It collects telemetry from a variety of sources and uses the Kusto query language used by Data Explorer to retrieve and analyze data.
Question 24: You are the Azure Administrator for Radio Gaga, LTD. You have a resource group named RG-RG and need to ensure no other administrators can create virtual networks in this resource group. What can you implement to accomplish this?
A. Access Control (IAM)
B. Azure policy
C. Locks
D. Properties
Answer 24:
B
Notes 24:
Azure Policy is a service in Azure used to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
For example, you can have the policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.
Question 25: Which of the following is the organization that defines standards used by the United States government?
A. NIST
B. ITIL
C. GDPR
D. ISO
Answer 25:
A
Notes 25:
The National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidance to help organizations assess risk. It defines the standards that are used by the United States government as well as the US Department of Defense (DoD).
Question 26: You have an Azure virtual network named VNet in a resource group named Bob-RG. You assign an Azure policy specifying virtual networks are not an allowed resource type in Bob-RG. What happens to VNet once this policy is applied?
A. VNet is moved to a new resource group.
B. Bob-RG is deleted automatically
C. VNet continues to function normally, but no new subnets can be added.
D. VNet is deleted automatically.
Answer 26:
C
Notes 26:
Azure policies that determine the allowed types of resources can only prevent non-compliant resources from being created. Existing non-compliant resources are not affected. However, the policy is flagged as non-compliant so that the administrator can determine action (if any).
Question 27: Which Azure tool allows you to view which user turned off a specific virtual machine during the last 14 days?
A. Azure Event Hubs
B. Azure Activity Log
C. Azure Service Health
D. Azure Monitor
Answer 27:
B
Notes 27:
The Azure Activity Log is a subscription log that provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. Events such as starting and stopping of virtual machines can be found here.
A collaboration between Microsoft and Adobe brings you a more simplified and consistent experience for PDF documents that have been classified and, optionally, protected. This collaboration provides support for Adobe Acrobat native integration with Microsoft Information Protection solutions, such as Azure Information Protection.
Question 29: Which of the following is true regarding HDInsight?
A. It is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights.
B. It is a managed relational cloud database service.
C. It is a cloud-based service that is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics.
D. It is an open-source framework for the distributed processing and analysis of big datasets in clusters.
Answer 29:
D
Notes 29:
Azure HDInsight is a managed, full-spectrum, open-source analytics service for enterprises. HDInsight is a cloud service that makes it easy, fast, and cost-effective to process massive amounts of data. HDInsight also supports a broad range of scenarios, like extract, transform, and load (ETL); data warehousing; machine learning; and IoT.
Learn about important Azure product updates, roadmap, and announcements here
Questions 31: Azure virtual machines can be moved between which of the following Azure resources?
A. Subscriptions
B. Regions
C. Availability Sets
D. Resource Groups
E. Availability Zones
Answer 31:
A, B, D, E
Notes 31:
Azure virtual machines can be moved between subscriptions with either Azure PowerShell or the Azure portal. Using Azure Site Recovery, you can migrate Azure VMs to other regions. Azure virtual machines can be moved between resource groups with either Azure PowerShell or the Azure portal. Using Azure Site Recovery, you can migrate Azure VMs to other Availability Zones.
II- Azure Pricing and Support
Question 32: Which Azure support plans can open support cases?
Question 33: For any Single Instance virtual machine using premium SSD or Ultra Disk for all Operating System Disks and Data Disks, what is the SLA guarantee for virtual machine connectivity?
Question 34: Which of the following Azure services is a cloud-based service that leverages massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database?
A. Azure SQL database
B. Azure HDInsight
C. Azure SQL Data Warehouse (Azure Synapse )
D. Azure Data Lake Analytics
Answer 34:
C
Notes 34:
Azure SQL Data Warehouse (Azure Synapse ) is a cloud-based service that leverages massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database.
Question 35: You have an Azure subscription that contains the following unused resources:
Name
Type
Configuration
nic0
Network Interface
10.0.0.6
pip1
Public IP
Static
lb1
Load Balancer
Standard, 5 rules configured
VNet2
Virtual Network
10.1.0.0/16
VM3
Virtual Machine
Stopped (Deallocated)
Based on this information, which of the following unused resources should you remove to lower cost?
A. lb1
B. VNet2
C. pip1
D. nic0
E. VM3
Answer 35:
A and C
Notes 35:
The pricing for Standard Load Balancer is based on the number of rules configured (load balancer rules and NAT rules) and data processed. However, there is no hourly charge for the Standard Load Balancer itself when no rules are configured. Since this load balancer contains rules, it should be removed to save money.
In ARM deployment model, there is no charge for dynamic public IP addresses when the associated virtual machine is “stopped-deallocated”. However, you’re charged for a static public IP address irrespective of the associated resource (unless it is part of the first five static ones in the region). This resource should be removed.
Users are able to login to the service, log in to the Access Panel, access applications on the Access Panel and reset passwords. IT administrators are able to create, read, write and delete entries in the directory or provision or de-provision users to applications in the directory.
No SLA is provided for the Free tier of Azure Active Directory.
Question 38: Which of the following Azure support plans offer Severity “A” and “B” cases to be opened?
Question 39:This question requires that you evaluate the underlined text to determine if it is correct. When you are implementing a software as a service (SaaS) solution, you are responsible for configuring high availability. Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Question 40:You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation?
Question 41: This question requires that you evaluate the underlined text to determine if it is correct. When planning to migrate a public website to Azure, you must plan to pay monthly usage costs. Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
A. No change is needed
B. Deploy a VPN
C. pay to transfer all the website data to Azure
D. reduce the number of connections to the website
Question 42: You have an on-premises network that contains 100 servers. You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs. What should you include in the recommendation?
Question 43: Which Azure offering refers to a set of development, testing, and automation tools?
A. Azure Cognitive Services
B. Azure Boards
C. Azure DevOps
D. GitHub
Answer 43:
C
Notes: Azure DevOps Services provides development collaboration tools, including high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and continuous testing capabilities.
Question 44: Which of the following are available in the Azure Marketplace?
A. Virtual machine images
B. SaaS applications
C. Solution templates
D. Sample application code
Answer 44:
A B C
Notes: Virtual machine images are available in the Azure Marketplace. Images are available for Windows and Linux. Stock operating system images, as well as custom images with pre-installed applications, are also available.
SaaS applications make up the majority of the Azure Marketplace. One click allows you to install and use many popular applications — such as Office365, Salesforce, Zoom, and others — seamlessly with your Azure subscription.
Solution templates allow you to deploy entire IaaS solutions with a simple click. Examples include complete SharePoint farms as well as SQL Always Available clusters.
Question 45: Which of the following regulates data privacy in the European Union (EU)?
A. ITIL
B. GDPR
C. ISO
D. NIST
Answer 45:
B
Notes: The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Question 46: You currently have two Azure Pay-As-You-Go subscriptions. You would like to transfer billing ownership of the subscriptions to another account while moving the subscriptions into the other accounts Azure AD tenant. How can you accomplish this?
A. Open a support ticket by contacting Microsoft Azure Support
B. In the Azure Portal, under Azure Subscriptions click Change Directory
C. Using Azure CLI, run the az account merge command
D. In the Azure Portal, under Cost Management + Billing under Azure Subscriptions
Answer 46:
Notes: It is here that we can transfer billing ownership by clicking on the context menu for the subscription. We then select “Transfer billing ownership” and as part of the process, we can provide the email associated with the other account, and can also choose to move the subscription into the Azure AD tenant of the other account. This will move the subscription into the default Azure AD tenant of the destination account.
Notes: A support request can only be opened via the Azure Portal.
Question 48: You attempt to create several managed disks in your Azure environment. In the Portal, you receive a message that you must increase your Azure subscription limits. What should you do to increase the limits?
A. Modify an Azure policy.
B. Use Azure PowerShell to create the new managed disks.
Question 49: A company wants to build a new voting kiosk for sales to governments around the world. Which IoT technologies should the company choose to ensure the highest degree of security?
A. IoT Hub
B. IoT Central
C. Azure Sphere
D. Azure IoT
Answer 49:
C
Notes: Azure Sphere provides the highest degree of security to ensure the device has not been tampered with.
Question 50: This question requires that you evaluate the underlined text to determine if it is correct. When you are implementing a software as a service (SaaS) solution, you are responsible for configuring high availability. Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
A. No change is needed.
B. defining scalability rules
C. installing the SaaS solution
D. configuring the SaaS solution
Answer 50:
D
Notes: configuring the SaaS solution
Question 51: A company wants to quickly manage its individual IoT devices by using a web-based user interface. Which IoT technology should it choose?
A. IoT Hub
B. IoT Central
C. Azure Sphere
D. Azure IoT
Answer: B – IoT Central quickly creates a web-based management portal to enable reporting and communication with IoT devices.
Question 52: You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages?
A. IoT Hub
B. IoT Central
C. Azure Sphere
D. Azure IoT
Answer: A – An IoT hub communicates to IoT devices by sending and receiving messages.
In Azure, every VM – regardless if Linux or Windows – gets a temporary disk assigned automatically. This temporary disk is located on the physical server (the hypervisor) where the Azure VM is hosted and is non-persistent. Disks used by the operating system or additionally added data disks are persistent disks and stored in Azure Storage.
Azure VM’s can be moved from its current host to new host at any time due to maintenance, hardware failures or other reasons. In such an event, the data from the temporary storage will not preserve or moved to the new host. Apart from the hardware failures, there are many other reasons data from the temporary disk will be lost:
Resizing of the VM
Restarting of the VM
Moving from one host to another
Updating/upgrading of host
Really, the temporary disk should never be used for data that has to be persistent. To avoid misconfiguration, the disk also has the drive label “Temporary Storage” and includes a text file “DATALOSS_WARNING_README.txt”. Read more here…
It depends on the virtual machine type we talk about. Some Azure virtual machines include a Windows operating system license in their price (some even include a SQL Server). Some do not, however, there is an “Azure Hybrid Use Benefit” in certain Microsoft licensing programs, where basically the customer can use its previously acquired software licenses on Azure virtual machines (“bring you own license”). Also, there are Azure virtual machines available with different Linux distributions (both commercial and community), Windows Server license is obviously not included in these. Continue reading here
Hello. Yes They charge you for the disk usage too. So its Disk, Network, License (if Windows Server Instance) and Processor/RAM that are taken into consideration
(more)
Why don’t I see the N-Series (vga enabled) VMs in my Azure vm sizes list (I have Bizspark subscription)?
It has nothing to do with BizSpark. N series VMs are generally available since 1 December, 2016 (Azure N-Series: General availability on December 1 ), but only in select Azure datacenter regions. Please consult the Azure Products by Region | Microsoft Azure website for regional availability.
(more)
What is a data disk in Azure VM?
What are things to look out for when choosing a location for your Microsoft Azure VM?
The argument in placing a cloud vm would be performance. Performance in the cloud world means cost. The better performance you need the more its going to cost you. But the other side of that is the faster you can solve the problem you are trying to solve. The business problem to evaluate in placement of a VM is loosley these two things: Does increasing the performance of the application provide the overall answers required faster? Are there things you can do to your application that will allow it to better take advantage of cloud capabilities…
Please review Azure Monitor, the built-in monitoring service in Azure. Azure Monitor provides metrics and logs for many services in Azure including VMs. A quick overview : Product documentation: Get started with Azure Monitor Note: As of today (Apr ‘17) Cloud Services metrics are served using an older telemetry pipeline but that is the process of being migrated to Azure Monitor pipeline. You will soon be able to consume Cloud Service metrics via Azure Monitor, the same way you can for Azure VMs, Web Apps or Azure SQL DBs.
Azure Backup introduces a reinforcement expansion to the Azure VM specialist that is running on the VM. This expansion backs up the whole VM. You can back up explicit records and organizers on the Azure VM by running the MARS operator.
Make sure you have VMs in Availability set. Before selecting a VM collect below inputs either from Application or from Performance monitoring team 1. Maximum IOPS required. 2. Maximum size of DB in next 2 years at least. Based on these inputs select the VM size and required storage tier – Standard or Premium. For high performance, you can perform disk stripping if you require more than 5000 IOPS. Also you can configure Backup to URL.
(more)
Could I connect to a Linux Azure VM using SSH and private IP through Putty?
Absolutely. You can check your VM’s public IP address on the Azure Portal and SSH into it with the SSH client of your choice. A private IP allows Azure VMs to communicate with other resources in a virtual network or an on-premises network through a VPN or ExpressRoute. So you can SSH into an Azure VM using the private IP from the same virtual network or via VPN / ExpressRoute.
Azure portal ( Microsoft Azure ) now has a feature called Cloud Shell. This basically gets you a command line interface, in the browser, where you can make an authenticated access to Azure resources, including your virtual machines. Both Bash and PowerShell are available, and you can also save your frequently used scripts, etc for later re-use. More details here: Azure Cloud Shell – Browser-Based Command Line | Microsoft Azure
How to resize a Linux VM with the Azure CLI – Azure Linux Virtual Machines az vm resize –resource-group mygroup –name mytestvm –size Standard_D4s_v3 This call would trigger instance restart in the background if needed.
This document indicates how a Linux VM password can be reset Reset Linux VM password and SSH key from the CLI. There is also an option in the Azure portal (https://portal.azure.com). Go to the details of the virtual machine you wish to reset the password for and look for “reset password” at the bottom left:
Depending on what OS you are using lets say Linux. You could use properJavaRDP you will need a Java VM installed. I’ve used this with success the screen refresh was not great tho.
Select Diagnostics settings from the Azure UI blade.
Under the Overview tab: Pick a Storage account: Select your storage account so that the metrics stats can be stored. Click on ‘Enable guest level monitoring‘ and wait for the process to complete.
If I change the size of my Azure VM while running a script, will that stop the execution of the script? (Currently using a Linux VM).
Changing the size of an Azure VM (scaling up or down) is only possible with a reboot. That will most definitely stop the execution of your script.
(more)
How do I make an Azure VM snapshot?
1. On the Azure portal, select Create a resource. 2. Search for and select Snapshot. 3. In the Snapshot window, select Create. 4. Enter a Name for the snapshot. 5. Select an existing Resource group or enter the name of a new one. 6. Select an Azure datacenter Location.
(more)
On the Azure portal, select Create a resource.
Search for and select Snapshot.
In the Snapshot window, select Create. …
Enter a Name for the snapshot.
Select an existing Resource group or enter the name of a new one.
Select an Azure datacenter Location.
Can we restrict a developer (on Microsoft Azure VM) to not upload a source code on any website or email?
You can restrict a developer from uploading a source code on any website by following the below steps: 1. Go to the desired VM instance in the Azure portal 2. Select “Access control (IAM)” option from the left pane 3. Select Role Assignment option under +Add option 4. Now, you will be able to assign any one of the available pre-defined roles to a user 5. Give contributor level access to the respective developer, now he will not be able to access/upload a file to the website
The region prices are related to pricing conditions in particular region. In details it is about tenancy of physical area, prices of the hardware from vendors, the cost of man-hours in a particular region for IT specialists and other Azure datacenter workers, and so on. Unfortunately, I can’t find any reference for that information, I’m talking here personally as the person who works with Azure every day and have a contact with Microsoft teams.
(more)
Can we spin up a Windows Azure VM programmatically from a php page? We can assume that we have valid Microsoft Credentials.
The REST Management API is the one you want to go for. Authentication is certificate based. You’ll have to upload a management certificate using the Windows Azure portal in able for your PHP application to authenticate. A good starting point on how to use the Windows Azure REST APIs for management can be found here How to use Windows Azure service management APIs (PHP). Like Rahul suggested, once you have that up-and-running use the Operations on Virtual Machines API set to manipulate your Virtual Machine deployments.
(more)
How do you reduce the size of my Azure VM disk?
Hi, Below are some points that would be beneficial for you. 1. Pick the best possible disk size. 2. Compress the panel size in the VM. 3. Export the managed disk to a VHD. 4. Compress the exported VHD. 5. Make another new managed disk from the VHD. 6. Make another VM from the new recently created disk. 7. Alternatively, clean up all the old resources. Hope it helps.
(more)
Your company wants to use Azure to manage all of their IoT devices. They are going to create the infrastructure themselves, but need a backend in Azure to manage the flow of data, and to ensure security as well as ease of deployment of new devices. Which Azure product or solution would be suitable?
Azure IoT Hub is a solution for providing managed services for large IoT projects. It provides secure and reliable communication from devices to the Azure backend. Azure IoT Central is a SaaS solution that provides both managed connections and security as well as the dashboards and applications to use the data. Event Grid is used to connect many Azure services. IoT Hub
Your company has a new Azure virtual network that needs to be secured. What is the best way to only allow specific kinds of outside traffic into this network?
Use an Azure Firewall attached to the virtual network.
Azure Firewall blocks any incoming or outgoing traffic that isn’t specifically allowed on a network. A Network Security Group manages the traffic to specific services, Azure DDoS Protection Service protects against attacks and a load balancer distributes traffic to specific VMs. Azure Firewall FAQ
How is authorization different from authentication?
Authentication is the process of proving that you are who you say you are. Authorization is the act of granting an authenticated party permission to do something.
Authentication is the process of proving that you are who you say you are. It’s sometimes shortened to AuthN. The Microsoft identity platform uses the OpenID Connect protocol for handling authentication. Authorization is the act of granting an authenticated party permission to do something. It specifies what data you’re allowed to access and what you can do with that data. Authorization is sometimes shortened to AuthZ. The Microsoft identity platform uses the OAuth 2.0 protocol for handling authorization. Reference: Authentication vs. authorization
Which minimum costing support plan provides access to general guidance with architecture support?
The Developer support plan provides access to technical support via email in business hours and is the most-effective. The Standard and
You are looking to build and host your website on Azure without needing to manage the underlying infrastructure. Which type of Cloud service should you choose?
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications, all without you having to manage any of the underlying infrastructure or services. Reference: What is PaaS? Platform as a Service
You are beginning to extend your on-premises data center into Azure. You have created a new Azure subscription and resource group called RG-One. You deploy two virtual machines into RG-One with the intent of promoting these to Active Directory domain controllers. What kind of cloud service would this be considered?
Infrastructure as a service (IaaS) is the use of on-demand computing infrastructure which is provisioned and managed over the internet. Deploying virtual machines into an Azure subscription would be considered an IaaS service. Reference: What is IaaS? Infrastructure as a Service
Define the concept of “dynamic elasticity.”
Dynamic elasticity is defined as a cloud service that both quickly scales up and also back down in order to serve your changing workload patterns for the lowest cost.
Which Azure service can host your web apps without you having to manage underlying infrastructure?
Azure App Service enables you to build and host web apps, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. Azure App Service documentation – Azure App Service
Which Azure service can you use to make sure your virtual machines are running smoothly and without problems?
Azure Monitor collects and analyzes telemetry data from your virtual machines to provide your with alerts and recommendations for how they are running. Azure Monitor overview – Azure Monitor
Which Azure DevOps tool would you use to share applications and code libraries?
Azure Artifacts is a service in Azure DevOps, which can host code libraries and applications for you to share internally or externally. Azure Boards is for project managers. Azure Repos holds your source code. Azure Test Plans is used to create manual and automatic test scenarios for your application. Azure Pipelines is the process that builds and deploys your application. Azure DevOps Services
What are the main components of an Azure VPN Gateway setup?
The VPN Gateway must be attached to an Azure Virtual Network.
An on-premises network with a complimentary gateway that can accept the encrypted data.
A secure connection, called a tunnel, which encrypts the traffic sent through it.
An Azure VPN Gateway consists of a Virtual Network, a secure connection called a tunnel, and an on-premises network and gateway. A storage account, a backend pool of VMs and a Load Balancer are not needed. About Azure VPN Gateway
Your company has a large amount of documents that are both sensitive and important to a large number of people. How would you secure these documents so you can still share them, but track where they are?
Use Azure Information Protection – Azure Information Protection (AIP) is a cloud-based solution that helps your organization to classify and protect its documents and emails by applying labels. What is Azure Information Protection?
Which Azure solution would you implement to embed a watermark into Office documents that contain social security numbers?
Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. Azure Active Directory. This includes access to resources in Azure AD, Azure resources, and other Microsoft Online Services, like Office 365 or Microsoft Intune. What is Azure Information Protection? – AIP
What are region pairs?
A region that is linked with another region in the same geography) – Azure has the concept of region pairs, these are two or more regions that are at least 300 miles apart within a single Geography. This enables the ability to replicate certain resources such as virtual machine storage across the geography providing protection against such events as natural disasters or civil unrest. Ensure business continuity & disaster recovery using Azure Paired Regions
Which Azure tool allows you to view which user turned off a specific virtual machine during the last 14 days?
The correct answer is the Azure Activity Log – it is a logging service that provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. Events such as starting and stopping of virtual machines can be found here. Overview of Azure platform logs – Azure Monitor
What does Azure Information Protection do?
Provides the ability to securely share sensitive data – Azure Information Protection helps control and secure information (including emails and documents) that is shared outside of your organization. Azure information protection
Which of the following can be used to manage governance across multiple Azure subscriptions?
A. Azure initiatives
B. Management groups
C. Resource groups
B
Which of the following is a logical unit of Azure services that links to an Azure account?
A. Azure subscription
B. Management group
C. Resource group
D. Public cloud
A
Which of the following features does not apply to resource groups?
A. Resources can be in only one resource group.
B. Role-based access control can be applied to the resource group.
C. Resource groups can be nested.
C
Which of the following statements is a valid statement about an Azure subscription?
A. Using Azure doesn’t require a subscription.
B. An Azure subscription is a logical unit of Azure services.
B
You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose?
Azure Functions: Azure Functions is the correct choice because you can use existing Java code with minimal modification.
You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario?
Azure Logic Apps: Azure Logic Apps makes it easy to create a workflow across well-known services with less effort than writing code and manually orchestrating all the steps yourself.
Your team has limited experience with writing custom code, but it sees tremendous value in automating several important business processes. Which of the following options is your team’s best option?
Azure Logic Apps is best suited for users who are more comfortable in a visual environment that allows them to automate their business processes. Logic Apps is the best option in this scenario.
You need to predict future behavior based on previous actions. Which product option should you select as a candidate?
A. Azure Machine Learning
B. Azure Bot Service
C. Azure Cognitive Services
Answer: A. Azure Machine Learning enables you to build models to predict the likelihood of a future result. It should not be eliminated as a candidate.
You need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate?
A. Azure Machine Learning
B. Azure Cognitive Services
C. Azure Bot Service
Answer: Azure Bot Service creates virtual agent solutions that utilize natural language. It should not be eliminated as a candidate.
You need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate?
A. Azure Machine Learning
B. Azure Cognitive Services
C. Azure Bot Service
Answer: Azure Cognitive Services includes Vision services that can identify the content of an image. Azure Cognitive Services is the best candidate.
Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario?
A. Azure Cosmos DB
B. Azure SQL Database
C. Azure Databricks
D. Azure Database for PostgreSQL
Answer: Azure Cosmos DB supports SQL, MongoDB, Cassandra, Tables, and Gremlin APIs.
CompanyA uses the LAMP stack for several of its websites. Which option would be ideal for migration?
A. Azure Cosmos DB
B. Azure Database for MySQL C. Azure Database for PostgreSQL
B:Answer: Azure Database for MySQL is the logical choice for existing LAMP stack applications.
CompanyA has millions of log entries that it wants to analyze. Which option would be ideal for analysis?
A. Azure Cosmos DB B. Azure SQL Database C. Azure Database for PostgreSQL D. Azure Synapse Analytics
D: Azure Synapse Analytics is the logical choice for analyzing large volumes of data.
Which of the following options can you use to link virtual networks?
A. Network address translation B. Multi-chassis link aggregation C. Dynamic Host Configuration Protocol D. Virtual network peering
D: Answer: Virtual network peering can be used to link virtual networks.
Which of the following options isn’t a benefit of ExpressRoute?
A. Redundant connectivity B. Consistent network throughput C. Encrypted network communication
D. Access to Microsoft cloud services
C: Answer: ExpressRoute does provide private connectivity, but it isn’t encrypted.
Wow, what a difference a couple of days and a different set of questions makes. I took the exam Monday and fell just short of passing (659), and I retook it today and scored 850! The questions on the first attempt were definitely harder, and I could tell from the first few questions I was going to have a rough time.
Today was totally different and I felt like I was getting all the “gimme” questions first and was able to coast through most questions confidently. I flagged exactly half the questions for review and at the end I had 20 minutes leftover after I was done reviewing. Total day and night difference between the two attempts.
For preparation I used:
– Microsoft Learn
– A Cloud Guru AZ-900 course + practice exam
– Tutorials Dojo practice exam
– and of course, John Savill’s YT channel
I bought the TD practice exams because of all the suggestions here, and I can attest they were well worth the price. This morning before the exam I went through all the TD section-based exams and took each one until I scored 90% on every section. I don’t always condone preparing for the exam on the day of but it was certainly a nice confidence booster to help me get mentally prepared.
Pleased to have passed this first time with a score of 775!
For any looking to sit this, I’ve had around 3 years of experience proving 2nd line technical support for an Azure environment. I used the following to prep for this exam:
Scotty Duffy’s Udemy Course – this was a bit of a waste of time and money in my eyes, nowhere near detailed enough. There are some reviews from people saying they passed the exam using this course alone with no experience using Azure but I really do not believe that.
Tim Warner’s YouTube series – this was great bearing in mind it was free. Way more worth the time than Scott’s, I wish I’d have started here.
Tutorials Dojo Practise Exams – I’d only recommend using these exams to test your knowledge and build some confidence, the questions in the exam were more difficult but the format and nature of these give you a good idea of what to expect.
Hope this advice helps some of you – onto the AZ-104!
Step 3) Watch this cram video which will cement in the concepts
Study Material
Use tutorials dojo practice tests and do them until you reach 90+% Passing on average, Every question you get wrong make sure to read the explanation as to why you are wrong.
“Lift and shift” is a strategy for migrating a workload to the cloud without redesigning the application or making code changes. Also called rehosting. For more information, see Azure migration center.
Cloud optimized is a strategy for migrating to the cloud by refactoring an application to take advantage of cloud-native features and capabilities.
App Service. A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes.
Azure Kubernetes Service (AKS). A managed Kubernetes service for running containerized applications.
Batch. A managed service for running large-scale parallel and high-performance computing (HPC) applications
Container Instances. The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service.
Service Fabric. A distributed systems platform that can run in many environments, including Azure or on premises.
Virtual machines. Deploy and manage VMs inside an Azure virtual network.
Infrastructure-as-a-Service (IaaS) lets you provision individual VMs along with the associated networking and storage components. Then you deploy whatever software and applications you want onto those VMs. This model is the closest to a traditional on-premises environment, except that Microsoft manages the infrastructure. You still manage the individual VMs.
Platform-as-a-Service (PaaS) provides a managed hosting environment, where you can deploy your application without needing to manage VMs or networking resources. Azure App Service is a PaaS service.
Functions-as-a-Service (FaaS) goes even further in removing the need to worry about the hosting environment. In a FaaS model, you simply deploy your code and the service automatically runs it. Azure Functions are a FaaS service.
There is a spectrum from IaaS to pure PaaS. For example, Azure VMs can autoscale by using virtual machine scale sets. This automatic scaling capability isn’t strictly PaaS, but it’s the type of management feature found in PaaS services.
Azure Data Store:
Use the following flowchart to select a candidate data store.
Which of the following choices isn’t a cloud computing category: NAAS, PAAS, SAAS, IAAS, DAAS? – Networking-as-a-Service (NaaS)
To be honest seems like decent set of changes. In addition to reshuffling existing titles and task #s of several items, there is a redistribution of weight across objectives and removing of following sections:
3.1 Describe core solutions available in Azure
5.3 Describe privacy and compliance resources
6.2 Describe Azure Service Level Agreements (SLAs)
I passed Azure Fundamentals AZ900 Certification Testimonials
AZ-900 Passed today. Score of 835.
Achievement Celebration
Path I took:
Microsoft Learn course
John Savill Study Cram
SkillCertPro Practice Tests (were decent for what they were).
I found this somewhat simple and completed within 15 minutes. I do have some experience with Azure but don’t work in it every day. As always, John Savill’s knowledge was a great watch and the MS Learn course was quite good content wise. Exam was not hard but there were some gotcha questions around resource locks, SLAs, ExpressRoute and storage accounts.
Happy to answer any questions.
Passed AZ-900, SC-900, AI-900, and DP-900 within 6 weeks!
Achievement Celebration
What an exciting journey. I think AZ-900 is the hardest probably because it is my first Microsoft certification. Afterwards, the others are fair enough. AI-900 is the easiest.
I generally used Microsoft Virtual Training Day, Cloud Ready Skills, Measureup and John Savill’s videos. Having built a fundamental knowledge of the Cloud, I am planning to do AWS CCP next. Wish me luck!
Passed Azure Fundamentals
Learning Material
Hi all,
I passed my Azure fundamentals exam a couple of days ago, with a score of 900/1000. Been meaning to take the exam for a few months but I kept putting it off for various reasons. The exam was a lot easier than I thought and easier than the official Microsoft practice exams.
Study materials;
A Cloud Guru AZ-900 fundamentals course with practice exams
Literally just passed the exam an hour or so ago 🙂 Not full points but whatever, ~900 is enough.
Have 0 experience with any of it, actually just did it for fun because of the discounts on virtual training days and I thought why not, certification looks good.
Spent half of the virtual day course not listening but you have to log in for the exam discount. Around 4h or so in total watching John Savills content and some of the MS resource sites.
Exam questions were often not directly related to all the stuff talked in the courses so some kinda surprised me. Also I only spent like 25min in total going through them twice, much faster than I thought it was gonna be.
Savills content is gold though, a neat summary of the MS product system. MS resource sites are beneficial to go through as well.
Really doubt any of my future employers will actually take notice or care that much given I won’t go into the sysadmin industry but certification is certification right? And it was free 🙂
Now I just need to figure out how to actually get a pdf of the certificate/badge lol
I’m interested if Microsoft actually gives away discounts for the actual admin courses or if they just restrict it to fundamentals to promote their products? Did anyone do the admin exams with discounts?
Azure Certification Path 2022-2023
Popular: Az900 –> AZ104 –> AZ305 or AZ400 or AZ500 or AI900
Here’s a Microsoft certification for you, whether or not you’re thinking about what Microsoft Azure is and where to start, or where you should go next in your cloud job. There are around 16 Azure cloud assertions open. Here is an overview of current Microsoft Azure assertions.
Nuts and bolts Level Certifications
Microsoft Certified: Azure Fundamentals
Microsoft Certified: Azure Data Fundamentals
Microsoft Certified: Azure AI Fundamentals
Accomplished Level Certifications
Microsoft Certified: Azure Administrator Associate
Microsoft Certified: Azure Developer Associate
Microsoft Certified: Azure Database Administrator Associate
Microsoft Certified: Azure Security Engineer Associate
Microsoft Certified: Azure Data Scientist Associate
Microsoft Certified: Azure Data Engineer Associate
Microsoft Certified: Azure AI Engineer Associate
Microsoft Certified: Azure Stack Hub Operator Associate
Expert Level Certifications
Microsoft Certified: Azure Solutions Architect Expert
Microsoft Certified: DevOps Engineer Expert
Specialty Certifications
Microsoft Certified: Azure IoT Developer Specialty
Microsoft Certified: Azure for SAP Workloads Specialty
Microsoft Certified: Azure Virtual Desktop Specialty
There are also two other Microsoft assertions that are Azure-related. While we won’t cautiously depict them in this post, dependent upon your master way and limit, they might justify researching.
For security engineers responsible for peril the leaders, checking, and response, the Microsoft Certified: Security Operations Analyst Associate confirmation is required. It requires completing the SC-200 appraisal.
Test SC-300 is required for the Microsoft Certified: Identity and Access Administrator Associate, which is for heads who use Azure AD to manage IAM.
What mightbe prudent for you to do first?
In particular, you should make certain with regards to what a Microsoft Azure confirmation is and isn’t. Is simply clear? Phenomenal! Then, at that point, we ought to explore three circumstances that can assist you with picking where to start.
“I’m new to development. I’m essentially uninformed in regards to this ‘cloud’ that is quite serious.”
You can sort out some way to cloud in the event that you’re the kind of person who counts “Microsoft Word” as a specific capacity on your resume. On the off chance that you’re just beginning started, a section level certification will outfit you with the language and understanding you’ll need to all the more promptly analyze your ensuing stages. The AZ-900 Azure Fundamentals accreditation is your first stop on the Azure road.
The cloud might be alarming, yet the capacities you’ll get as you seek after this accreditation will help you with understanding it in a way that even an all out beginner can understand — especially if you have the right getting ready. (Look at me as a hotshot, yet I think our Azure Fundamentals getting ready is astonishing.)
“I have a fundamental cognizance of the cloud.”
Perhaps you’ve worked in the IT field beforehand. Perhaps you’ve attempted various things with AWS, GCP, or Azure. Do you accept you’re ready to make a dive? Press the brakes. Start with the Azure Fundamentals affirmation, if you haven’t at this point. In the best circumstance, you’ll see it to be a breeze. Regardless, paying little heed to how far you advance in Azure, this accreditation will give the establishment to future accomplishment. The accompanying crosspiece on the ladder (Azure Administrator Associate) can be an inconvenient one to ascend. Before dealing with it, you’ll need all of the Fundamentals data notwithstanding a huge load of Azure included knowledge.
Here are different Azure Certifications (Microsoft Certified)
AZ-900
For beginners, this is the best Microsoft Azure accreditation. It’s an unprecedented spot to start on the off chance that you’re new to appropriated processing or Microsoft Azure. This one would be Azure 101 if test names appeared to be okay and acceptable.
Test AZ-900: Microsoft Azure Fundamentals ($99 USD) is required.
There are no fundamentals.
For whom this is for?
In a general sense, everyone. Non-particular individuals with a cloud-related calling, similarly as new or cheerful designers or IT experts, could benefit from acknowledging what the cloud is and isn’t. Any person who needs to comprehend the Microsoft Azure environment should have the data expected to complete this evaluation.
Fundamentals DP-900 Microsoft Certified
For inescapable data focused cloud subject matter experts, this is a significant beginning advance assertion.
Test DP-900: Microsoft Azure Data Fundamentals ($99 USD) is required.
There are no fundamentals.
For whom this is for?
This helper is for informational collection draftsmen and data base administrators who are essentially starting with cloud data.
AI Fundamentals AI-900 Microsoft Certified
This Microsoft Azure affirmation exhibits that you appreciate the fundamentals of man-made mental ability (AI) and AI (ML) in Azure for amateurs with both particular and non-specific establishments.
Test AI-900: Microsoft Azure AI Fundamentals ($99 USD) is required.
There are no basics.
For whom this is for?
Reproduced insight Engineers, Data Scientists, Developers, and Solutions Architects with a working data on AL and ML, similarly as Azure organizations related with them. This affirmation, like the others in the Azure Fundamentals series, is normal for those with both specific and non-particular establishments. That proposes data science and PC programming experience aren’t required, but Microsoft recommends making them program data or experience.
Administrator Associate AZ-104 is a Microsoft attestation.
For the IT swarm, this is the rudiments of Azure organization. This takes you from a fundamental perception of the cloud to having the alternative to perform cloud tasks (and get repaid to do them).
Test AZ-104: Microsoft Azure Administrator ($165 USD) is required.
For whom this is for?
This affirmation is for IT specialists and administrators who screen cloud assets and resources and direct cloud system. This test is (mistakenly) seen as an entry level test, yet you’ll need to know an immense heap of anticipated that information should pass and do whatever it takes not to have your AZ denied.
Hi I just passed AI-102 and I would like to study and take another exam, however I am looking only for the exams with similar or identical format to AI-102, which is no simulation tasks. What other intermediate level exams will have similar format to AI-102? DP-204, AZ-204? submitted by /u/datapim [link] [comments]
My organization is planning to buy a subscription for the employees to learn about azure. I'm the tech lead they asked me to come up with resource which has best value for money. The requirement is to learn about azure and also if possible people need to learn about certification syllabus. I suggested with pluralsight, cloud guru. But whats the best paid subscription model in industry for azure cert and azure learning. submitted by /u/dev241994 [link] [comments]
Which one is useful for the current market or think has a better use in the future? azure Ai engineer Or azure data scientist associate submitted by /u/Weird_Trip3052 [link] [comments]
https://preview.redd.it/ji1gkim2f4zc1.png?width=598&format=png&auto=webp&s=081042d022188a98ea38a6d5e8ec1b69c0bbc7ee Hey everyone, in your opinion.. is completing this course + some question banks enough to pass DP 100, i have 1 month till my exam date so i can add more study material. Thanks! submitted by /u/AdZealousideal5177 [link] [comments]
Is there a way to allow a user to have multiple (2) phone numbers for 2fa in Office365 Business. I have disabled the Microsoft enforced policy, but I don’t see tge desired option. submitted by /u/CLSonReddit [link] [comments]
I have been looking on here and I hear Tutorials Dojo is really good for az-104 practice tests. I can see only one practice exam for $14.99 that has a Timed mode, Review Mode and a Final Test. Anyone know if this is the one I need to purchase? submitted by /u/hp-redd [link] [comments]
We have a client at my company who's moving their servers to Azure, however one of our internal tools for our software that will be hosted on their servers heavily relies on symbolic links. I'm aware Azure doesn't support them, does anyone know of any alternative solutions? Thank you submitted by /u/Hot_Baker_6881 [link] [comments]
Hi hoping for any advice for anyone who has RBAC setup or perhaps something better. I’m currently adding job titles and departments to every user in ad (no idea why no one did it before me). Once done I would like to create dynamic groups to catch both roles and departments that will provide access to all relevant share point sites and even go into installing different softwares (once I’ve built out the image past the generic one currently used) I know this will be a lot of work as I’ll have to speak to every department on needs but does anyone see any issues with this method or think there’s a better one? submitted by /u/Large_Pineapple2335 [link] [comments]
I’m working on my AZ-104, and just got done with access packages. I went through it in a lab, but I want to make sure I understand this correctly: A global admin creates the package and it requires direct assignment. New user Bob Joe starts. Bobs account is created, and the access package is assigned. Bob now has access to these resources (applications, Teams etc). In a sense, this basically automatically provisions that identity with access to the resources it would need right? submitted by /u/denmicent [link] [comments]
More than 215 000 000 computers will be sold in 2020. As of 2020, 75 percent of Americans owned a desktop or laptop computer. Among all households, about 78 percent had a desktop or laptop, 75 percent had a handheld computer such as a smartphone or other hand- held wireless computer, and 77 percent had a broadband Internet subscription.
The technical specifications of laptops usually fall into the following categories: Processor, Memory, Graphics, Screen Size and Storage. Depending on your needs, you might be either overpaying for something you don’t need, or haven’t set aside the budget for something you do need. Let’s break it down and find out.
When you’re choosing a new laptop computer, it’s important to understand the specs and features you’ll see listed by each model. That way, you can be sure to choose the right laptop for your own particular needs.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
Knowing what processor to go for, how much Ram you’ll need and whether or not you require a graphics card are all questions will have a bearing on your setup, and your budget.
What are Good Laptop Specs?
Processor – CPU – The brains of the laptop, the better the processor, the faster your computer will run. For a dependable laptop, an Intel i3 is fine, but an i5 will guarantee good speeds. Laptops with i7 chips cost a lot more, and are more suited to those running design software or games.
Screen – Size and resolution of screen will have a big impact on your experience. It’s best not to go smaller than a 13-inch screen, though you can live without 4K displays unless you’re a professional designer or photo-editor. Full HD resolution is fine.
Storage Space– The amount of space you can use to store your files. It’s best not to accept less than 256GB for a solid state drive (SSD, which helps laptops run faster), or less than 1TB for a traditional hard drive (not as fast, but more generous with the storage).
RAM – Used for juggling multiple applications at once. More RAM can give you a speed boost. These days, 8GB RAM is the minimum to aim for. 16GB or 32GB is only needed for high-end machines.
Graphics card– An additional graphics card is used for gaming and image editing. If you only need to browse the web, email and stream video, you can live without an advanced graphics card.
Below are the laptops with the best overall specs as of November 2020:
OS: Mac OS CPU: intel Core i9 RAM: 16 GB Up to 64GB Storage: 512GB Up to 8TB SSD Screen: 16 inch Note: Intel Core i9 processor with up to 8 cores and 16 threads of processing power sustains higher performance for longer periods of time
OS: Win 10 Pro CPU: intel Core i7 RAM: 16 GB Storage: 1TB SSD Screen: 16 inch Note: Ultra-light and versatile. At your desk, on the couch, or in the yard, get more done your way with Surface Pro 7, featuring a laptop-class Intel® Core™ processor, all-day battery,¹ and HD cameras.
Three types of batteries power the laptops you’ll find in service today, nickel cadmium (NiCad), nickel metal hydride (NiMH), and lithium ion (Li-ion), with Li-ion being the most common in newer laptops. Each battery type has a different chemistry for generating a charge and, therefore, different characteristics.
Which is best battery for laptop? Top battery life performers
Is it bad to leave your laptop plugged in all the time? Laptops are only as good as their batteries, however, and proper care of your battery is essential to making sure it retains a long life and charge. Leaving your laptop plugged in constantly is not bad for your battery, but you will need to be careful of other factors, such as heat, to prevent your battery from damage.
There is no reason why a laptop wouldn’t work just fine without the battery in it, as long as you take a few aspects into account. First of all, make sure you’re using the original power adapter that came with the laptop.
Is it OK to use laptop while charging? In short, yes. It is perfectly fine to use your laptop while plugged in and fully charged. Laptops these days are designed to be used while plugged in, as most automatically switch to a power saving mode when running on battery only to extend usage.
A laptop computer battery should last between two and four years, or around 1,000 full charges. The total lifetime of a battery is dependent on several factors. These factors include battery type (NiCad, NiMH, or Li-ion), how often the battery is used, and its age.
How do I know if I need a new battery for my laptop? Once your battery reaches a low enough capacity, Windows will warn you that your battery needs to be replaced. A red “X” will appear over the battery icon. If you click the icon to display more info, you will likely see a message that reads “plugged in, not charging. Consider replacing your battery.”
The processor, sometimes called the CPU (central processing unit), is the heart of any laptop and has the greatest impact on your productivity. A faster processor means apps load quickly, you can run multiple apps at once, and the computer won’t lag and cause slowdowns when you run processor-intensive tasks.
Modern laptops rarely ever run always at 2.6Ghz all cores. If yours does then expect subpar battery life but very good performance. If this happens to be the boost clock than your performance will be objectively terrible. This laptop must be fanless or something.
What is a good CPU speed?
A clock speed of 3.5 GHz to 4.0 GHz is generally considered a good clock speed for gaming but it’s more important to have good single-thread performance. This means that your CPU does a good job of understanding and completing single tasks. This is not to be confused with having a single-core processor.
What’s more important RAM or processor?
RAM is essentially the core of any computer or smartphone and in most cases, more is always better. RAM is as significant at the processor. A right amount of RAM on your smartphone or computer optimizes performance and the ability to support various types of software.
Used for juggling multiple applications at once. More RAM can give you a speed boost. These days, 8GB RAM is the minimum to aim for. 16GB or 32GB is only needed for high-end machines.
How much RAM does a laptop need?
For anyone looking for the bare computing essentials, 4GB of laptop RAM should be sufficient. If you want your PC to be able to flawlessly accomplish more demanding tasks at once, such as gaming, graphic design, and programming, you should have at least 8GB of laptop RAM.
Can you put RAM in a laptop?
Adding or upgrading RAM in a laptop does not require any computer skills, just a screwdriver. First, determine how much memory you‘d like to add. See our guide to estimate the amount of computer memory you need. Another way to improve performance is to upgrade your hard disk drive to a solid state drive.
Which Laptop RAM is best?
Corsair Vengeance LED. Corsair is one of the most trusted names when it comes to the best RAM on the market. Its Vengeance series, especially, has something for everyone with its LED DDR4 offerings.
Which RAM is fastest?
Corsair releases their fastest ever DDR4 RAM. Corsair has announced that their Vengeance LPX DDR4 memory kits are soon to be available in their highest ever speed, and a record for commercially available RAM, 4,866MHz. This RAM will be available in 2x 8GB kits.
How do I get more RAM on my laptop for free?
Using A USB Flash Drive Or SD Card To Increase RAM. ReadyBoost in Windows allows you to increase your PC RAM with the help of a USB drive or SD card. The way ReadyBoost works is by creating a Swap file on the USB drive or SD card. This makes them be utilized as a memory cache.
The most common hard drive capacity in today’s laptops is 1 Terabyte (TB) or 1,000 Gigabytes (GB). Many of the cheap laptops come with a smaller 500 GB hard drive, while 2 TB size is occasionally used in some more expensive notebooks.
Can you add storage to your laptop?
If you can open up your laptop, you can replace its internal drive with a larger drive — or insert a second internal drive, in the off chance that your laptop has a second drive bay. Upgrading your laptop is often possible, but it’s definitely more work than quickly plugging in an external storage device!
How much storage does a laptop need?
If you mainly store text files and photos, then 1TB of storage space is sufficient. However, if you want to store a lot of movies, games, and other large files on your PC, it’s wise to reserve at least 2TB of storage space on your laptop.
Types of storage devices
Primary Storage: Random Access Memory (RAM) Random Access Memory, or RAM, is the primary storage of a computer.
Secondary Storage: Hard Disk Drives (HDD) & Solid-State Drives (SSD) …
Most modern laptops and all-in-one computers now come with integrated webcams built into the display. While these built-in models are more convenient to use, external webcam models do have some advantages.
While they necessitate expense beyond a laptop or PC, external webcams are apt to have higher quality components that allow for fine tuning. Embedded webcams are typically small; small components directly impact the level of camera performance and image quality.
A: To turn on a built-in camera in Windows 10, just type “camera” into the Windows search bar and find “Settings.” Alternatively, press the Windows button and “I” to open Windows Settings, then select “Privacy” and find “Camera” on the left sidebar.
Laptops frequently share memory between the CPU and the GPU, saving space and reducing power consumption. … A laptop displays its graphics on a liquid crystal display (LCD) screen. Most screens measure between 12 and 17 inches, and the size of the screen affects the overall size of the laptop.
Every screen installed in any laptop has a screen model number on the back of the LCD screen. This is without a doubt the best way to order replacement screens. The model number denotes the size, the resolution and the backlight type.
Which laptop screen is best?
Alienware m15 (2019): 265% The Alienware m15 tops the list with its incredibly vibrant display.
I would prefer the laptop with the smaller screen and make sure you have miracast or google chromecast. That way you could use mostly all TVs as your screen when needed. The other option you have a big screen and a computer that might not preform.
11 to 12 inches: The thinnest and lightest systems around have 11- to 12-inch screens and typically weigh 2.5 to 3.5 pounds. 13 to 14 inches: Provides the best balance of portability and usability, particularly if you get a laptop that weighs under 4 pounds.
How do I know my laptop size?
To measure a laptop screen size, take a measuring tape and start measuring from the bottom left of the laptop screen diagonally to the top right of the laptop screen. That is your laptop size.
15″ laptops weigh less, are easier to carry around and have better battery life. There isn’t much difference performance wise between a 17″ and a 15″. The main differences are portability and the optional keypad.
The larger the laptop, the bigger the screen. Big screens are nice, but for a laptop it comes at the cost of size and weight. So basically you have to balance the tradeoffs between portability and screen size.
Battery life tends to be better for larger laptops due to there being more space for a battery, but not all models make use of it. And in some cases the larger sizes of machine have a different set of hardware which may actually drain the battery faster.
The larger the laptop, the bigger the screen. Big screens are nice, but for a laptop it comes at the cost of size and weight. So basically you have to balance the tradeoffs between portability and screen size.
The larger the laptop, the bigger the screen. Big screens are nice, but for a laptop it comes at the cost of size and weight. So basically you have to balance the tradeoffs between portability and screen size.
Battery life tends to be better for larger latpops due to there being more space for a battery, but not all models make use of it. And in some cases the larger sizes of machine have a different set of hardware which may actually drain the battery faster.
Of course Macs (of any model) are “worth it” to literally tens of millions of people a year. That’s not hype. Apple actually sells that many every year. And Macs have topped customer satisfaction ratings for literal decades as a result:
Apple has cemented its place atop the American Customer Satisfaction Index, a sort of Michelin guide for customer service, for the eleventh straight year.
In a new report released by ACSI, Apple continued its lead over big name rivals such as Dell, Acer, Hewlett-Packard and the catch-all “All Others” when it comes to satisfaction with computing devices — including desktops, laptops and tablets. Scores are based on everything from pre-sale customer expectations, to perceived value and quality, customer complaint incidents and overall consumer loyalty.
If you are new to Macs, it would be good for you to do a little of your own research before making a final decision. Have a look at Apple’s webpage just for new Mac users:
If you can, go to your local Apple Store and play around with some Macs. That will also give you a good idea of the differences between the different models.
And with that, I’ll give you my own personal perspective on this topic:
I’ve used and written software for Macs (and all of the other mainstream platforms) since the 1980s when there were no standardized mainstream platforms. I make a living developing enterprise software for Linux, Windows, macOS, etc on a daily basis. I’ve done the overwhelming majority of my professional work – especially later in my career while earning much more money – on Macs. But I use them for lots of other things like encoding HD video, editing AV media, graphics work, running virtual machines and Docker containers, and so on.
Windows flat-out sucks for software development and system architecture work – and it’s pretty bad for general desktop use as well, IMO. I can say this because I use Windows for such things daily. Most of the development tools I need to use regularly aren’t built into Windows, and are more complicated to use and configure. For instance, GitBash has a different console than Windows. OpenSSH, Ruby, Python, Apache, and tons of other languages / tools aren’t built in and are more of a pain to install and configure, and the list goes on and on. In general, Windows makes you work harder than you would on a Mac. Microsoft has tried to make things better by providing a Linux subsystem – and I’ve used Cygwin long before that – but even those are a kludge in comparison to Unix being the core of the OS in macOS, and all of the normal tools coming pre-installed. And macOS has lots of features (like Continuity) that significantly improve your productivity – those mostly don’t exist on other platforms.
I can tell you the 2019/2020 model MacBook Pros are huge upgrades from previous MacBook Pro models. The 2019 16-inch MacBook Pro in particular is a fantastic machine.
For all of the hype about keyboard issues in previous models, Apple’s return to the scissor-switch keyboard is of course great, and the Touch Bar includes a physical Escape key as well. But the truth is those keyboard problems affected a relatively small number of people, and there are much bigger improvements than that.
In terms of processing power, RAM, and storage, you can configure it all the way up to a 2.4GHz 8-core 9th-generation Intel Core i9 processor (Turbo Boost up to 5.0GHz), an AMD Radeon Pro 5500M with 8GB of GDDR6 memory, 64GB of 2666MHz DDR4 memory, and 8TB of 3.2GB/s SSD storage.
The thermal cooling system is redesigned and much more efficient. It’s so efficient, in fact, that thermal throttling is truly a thing of the past.
The screen outputs 500 nits of brightness and has automatic True Tone color shifting with a consistent P3 wide color gamut. It’s just plain gorgeous.
The sound system is a completely redesigned six-speaker setup that has way more bass and much less distortion than any model before it. Stereo separation is remarkable, mids are clear, and the bass is better than I’ve heard on any laptop before. It sounds amazing. And they redesigned the microphones into a three-mic array which really improves audio recordings too.
I own the beefiest 2019 16-inch MacBook Pro with the 2.4GHz 8-core 9th-generation Intel Core i9 processor (Turbo Boost up to 5.0GHz), the AMD Radeon Pro 5500M with 8GB of GDDR6 memory, 32GB of DDR4 memory, and 2TB of SSD storage. I bought it when it was first released. And I’ve been putting it through different work loads since I got it.
And I’m pleased to report my MacBook Pro happily encodes HD video (one of the most demanding tasks I do on a regular basis) with all cores maxed out for literal hours, at a sustained speed of somewhere above 3GHz, without any CPU throttling, and the temperatures hovering in the 83-95° C range. The fans while this is going on are surprisingly quiet. The bottom of the case (which often feels like a heat sink in older models) doesn’t even feel very warm to the touch compared with older models.
It’s downright speedy. The display is gorgeous and bright. The keyboard is really nice and responsive. The trackpad, like Apple’s others, is the best in the industry. It’s a beast in a really thin, fairly lightweight, relatively small package. I’m loving it!™
It’s worth every single penny.
2) Are MacBook Pro models designed and made more durable over time?
As someone who has used and owned various model Apple laptops since the 1998 PowerBook G3 250 (Wallstreet), I’m happy to report that Apple has indeed designed their laptops to be more durable as time goes on and newer models are released.
Anyone who has used Apple laptops for a minute can tell you today’s aluminum unibody MacBook Pros are far more durable than the PowerBook G4 models they replaced, which were in turn far more durable than the plastic PowerBook G3 models they replaced.
The unibody construction Apple introduced in 2008 was a huge leap forward in rigidity of the chassis which translates into a corresponding natural increase in durability. It’s no mistake that all of Apple’s top competitors in the laptop space are copying this design. Before that, the chassis consisted of multiple parts that were held together with brackets and screws, which naturally made them much less durable. And before that, lots of plastic was used, which was even weaker. And as anyone who was alive and using laptops back then knows, that was the state of laptops until Apple innovated in that area.
As is so often the case, Apple leads, the industry follows.
The MacBook Pro has a fan, the MacBook Air does not have any fan at all
That means that the biggest difference is that the MacBook Pro can spin up the fan to provide much more cooling so it then can ramp up the processor clock rate (what Intel calls Turbo Boost)
There is minor difference in that the lowest cost MacBook Air (below $1,000 USD) has 7 GPU cores instead of the 8 cores in the more expensive MacBook Air model, and 8 GPU cores in the more expensive MacBook Air model. This is a relatively minor difference and most users will not notice any difference
That is because Apple actively expends a huge amount of effort into protecting your privacy and security, farmer effort than any and all other operating systems (including Windows, Android, and Linux)
Buying refurbished products directly from Apple is a good way to pay less, in my experience.
When Apple refurbishes a product, the product is sent back to the factory where faulty or damaged parts – including parts with scratches or blemishes – are removed and replaced with brand-new parts. Then it undergoes a battery of low-level and high-level tests to ensure all parts function correctly. When you receive an Apple-refurbished product, it is virtually indistinguishable from a new product. It quite literally looks and smells new. And it comes with the same standard warranty and support as a new product. The only noticeable difference is that the packaging is plain rather than being the retail packaging, and of course the price is often significantly reduced compared to a new product. I’ve purchased Apple refurbished products for years and have been pleased with every single one.
Other retailers do not use Apple’s process when they refurbish items. Each one is different. Some give you a product with scratches, blemishes, and even fingerprints on it. Some do little more than wipe the product with a rag and throw it back in the box. Some do component-level (soldering, etc) repairs that may or may not actually fix all of the problems. Some don’t even bother testing functionality after repair is done. And often there is no adjustment to the original manufacturer’s warranty, which means depending on the age of the device, you’re only going to get a partial warranty – assuming the warranty wasn’t voted by whoever “repaired” it before you got it. For this reason, I don’t recommend buying refurbished Apple products from anyone but Apple directly.
You could probably use it for that – but I have to say if you listed every computer on sale today – and asked me to rank them in order of which one I’d get – the surface pro would be at the very bottom of the list.
The MAIN thing I find essential is to have a large, high-res screen and a proper keyboard and mouse.
Personally – I’d get a cheap used laptop – and spend your money on a 27″ external monitor and a nice external keyboard and mouse. That way, you have a good setup for home/office use – and can still pick up the laptop and take it with you at other times.
I guess you could probably to that with the Surface Pro 2 – but it’s three times the price and half as good as a low end laptop.
No they are different devices intended for different uses.
MacBooks can perform all computers tasks
Can run an unlimited variety of apps installed on the machine
Runs all macOS apps
Runs all Windows apps (if you install Windows)
Runs web apps
Runs UNIX apps
Runs (well written) Linux apps
Well built, top quality hardware that lasts for many years
Known for having the best security and privacy
Chromebooks are strictly restricted
Can only run Google apps
Must have a good connection to access all apps
Known as a “Thin Client” or a “NetBook” which means it it the least powerful, lowest cost device to barely get a minimal job done with greatly reduced functionality.
Built on the cheapest possible hardware because Cost is the primary driving factor for this product
Unknown security and has no privacy because this a Google product
To Conclude: Chromebook is the cheapest possible way to get a few tasks done, where a MacBook is the most versatile, powerful, dependable, secure way to get everything done over many years.
The Chrome operating system is a and Heritage from Linux and has many of the Great features found in Linux I believe that Windows is inferior to Linux and therefore inferior to Chromebook an advantage of Chromebook is that in general it is less costly than a comfortable Windows system
Linux vs Windows
MS generally works as does Linux. Both have places where they break but both work most of the time.
Linux has almost all of its software in a repository, that is like an app store but Linux is free and also has no advertisements. It is also all security checked and tested to work.
In 99.99% of the cases you will need no other software.
Virus
Linux can have viruses etc but in reality that is not true. I have used it with no malware (virus) checker and NEVER had any sort of invasive or take over software. There few attempts to create malware for Linux because Linux designers are security virulent so it is very difficult to break while Windows is easy.
There are more Windows systems The result is hackers attack Windows not Linux.
Linux has some things that I find wonderful. When you update you almost never have to reboot. Updates take place in the background and never interrupt your work or force you to reboot when you don’t want to. You never have to type in software keys.
5. Invest in some Battery > > Usually six-cell battery is used by most of the people, but many manufacturers offer eight- or even 12-cell optional upgrades, which can double your power.
6. Charge it properly – Dont overcharge or discharge completely
7. Set your screen brightness to medium
8. Close any unnecessary programs that you are not using at the moment.
9. Keep your laptop safe from viruses and trojans ect as they can create processes in the background which inturn will increase cpu utilisation which wil consume battery.
10. Keep the laptop to sleep if you are leaving it idle for a short period of time
11. Do not connect any unwanted devices to the laptop as they will draw some power from the ports
12. Turn off the radios(Bluetooth,wifi etc) when not in use.
With a weight under 3 pounds and a tall 17-inch display, you get the space for keeping up your productivity in a body made for working at home or anywhere else.
If you’ve been working from home on a 13-, 14- or 15-inch laptop and you’re finding your productivity suffering by working on its small screen, you may be craving moving to something larger. An external display might make the most sense assuming you’ve got the room for one. But, if you need something more mobile and lap-friendly, the LG Gram 17 might do the trick because, despite its tall 17-inch display, it’s incredibly light with a long battery life making it a standout in the category.
Loans Debts Mortgages Finances Calculators – Unit and Currency Converters
At some stage, we all need or want more money than we have. Funding a new set of wheels is the number one reason to take out a personal loan. Perhaps unsurprisingly, men are more likely than women to take out a personal loan. According to our survey, 69.05% of men said they’ve taken out a loan compared to 62.09% of women.
What to expect when taking out a loan? what is the total cost of a loan? Use these calculators below to find out.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
With this Quick Unit Converter Calculator you will be able to convert all types of units from Metric to Imperial systems & Vice-versa in seconds.
Use this simple and FREE loan calculator to calculate the real cost of any type of loans before accepting and signing. Remember, banks are not your friends.
Use this simple and FREE loan and mortgage comparison calculator to compare the real cost difference of any type of loans or mortgages before choosing. Remember, banks are not your friends.
The average monthly car payment in the U.S. is $550 for new vehicles, $393 for used and $452 for leased. Americans borrow an average $32,480 for new vehicles and $20,446 for used. The average loan term is 69 months for new cars, 35 months for used and 37 months for leased vehicles. Gen Xers are the most likely to have a car loan, and carry the highest auto loan balances with a median of $19,313.
Use this simple and FREE mortgage calculator to calculate the real cost of a mortgage before accepting it. Remember, banks are not your friends. Always shop around and never forget that you are the boss. Negotiate, negotiate and negotiate
A reverse mortgage is a mortgage loan, usually secured by a residential property, that enables the borrower to access the unencumbered value of the property. The loans are typically promoted to older homeowners and typically do not require monthly mortgage payments.Use this FREE reverse mortgage calculator to know the real cost of a reverse mortgage before accepting it. Remember, Banks are not your friends.
Yield is also the annual profit that an investor receives for an investment. The interest rate is the percentage charged by a lender for a loan. Interest rate is also used to describe the amount of regular return an investor can expect from a debt instrument such as a bond or certificate of deposit (CD).
How do you pay back a credit card? Here’s how it works: Step 1: Make the minimum payment on all of your accounts. Step 2: Put as much extra money as possible toward the account with the highest interest rate. Step 3: Once the debt with the highest interest is paid off, start paying as much as you can on the account with the next highest interest rate.
CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps
Almost 4.57 billion people were active internet users as of July 2020, encompassing 59 percent of the global population. 94% of enterprises use cloud. 77% of organizations worldwide have at least one application running on the cloud. This results in an exponential growth of cyber attacks. Therefore, CyberSecurity is one the biggest challenge to individuals and organizations worldwide: 158,727 cyber attacks per hour, 2,645 per minute and 44 every second of every day.
I- The AWS Certified Security – Specialty (SCS-C01) examination is intended for individuals who perform a security role. This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform.
It validates an examinee’s ability to demonstrate:
An understanding of specialized data classifications and AWS data protection mechanisms.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
An understanding of data-encryption methods and AWS mechanisms to implement them.
An understanding of secure Internet protocols and AWS mechanisms to implement them.
A working knowledge of AWS security services and features of services to provide a secure production environment.
Competency gained from two or more years of production deployment experience using AWS security services and features.
The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.
An understanding of security operations and risks.
Question 2: A company has AWS workloads in multiple geographical locations. A Developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the Developer wants to create the same encrypted database in the us-east-1 Region. Which approach should the Developer take to accomplish this task?
A) Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region and specify a KMS key in the us-east-1 Region. Restore the database from the copied snapshot.
B) Create an unencrypted snapshot of the database in the us-west-1 Region. Copy the snapshot to the useast-1 Region. Restore the database from the copied snapshot and enable encryption using the KMS key from the us-east-1 Region
C) Disable encryption on the database. Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region. Restore the database from the copied snapshot.
D) In the us-east-1 Region, choose to restore the latest automated backup of the database from the us-west1 Region. Enable encryption using a KMS key in the us-east-1 Region
ANSWER2:
A
Notes/Hint2:
If a user copies an encrypted snapshot, the copy of the snapshot must also be encrypted. If a user copies an encrypted snapshot across Regions, users cannot use the same AWS KMS encryption key for the copy as used for the source snapshot, because KMS keys are Region specific. Instead, users must specify a KMS key that is valid in the destination Region
Question 3: A corporate cloud security policy states that communication between the company’s VPC and KMS must travel entirely within the AWS network and not use public service endpoints. Which combination of the following actions MOST satisfies this requirement? (Select TWO.)
A) Add the aws:sourceVpce condition to the AWS KMS key policy referencing the company’s VPC endpoint ID.
B) Remove the VPC internet gateway from the VPC and add a virtual private gateway to the VPC to prevent direct, public internet connectivity.
C) Create a VPC endpoint for AWS KMS with private DNS enabled.
D) Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN. E) Add the following condition to the AWS KMS key policy: “aws:SourceIp”: “10.0.0.0/16“.
ANSWER3:
A and C
Notes/Hint3:
An IAM policy can deny access to AWS KMS except through your VPC endpoint with the following condition statement:
“Condition”: {
“StringNotEquals”: {
“aws:sourceVpce”: “vpce-0295a3caf8414c94a”
}
}
If you select the Enable Private DNS Name option, the standard AWS KMS DNS hostname resolves to your VPC endpoint.
Question 4: An application team is designing a solution with two applications. The security team wants the applications’ logs to be captured in two different places, because one of the applications produces logs with sensitive data. Which solution meets the requirement with the LEAST risk and effort?
A) Use Amazon CloudWatch Logs to capture all logs, write an AWS Lambda function that parses the log file, and move sensitive data to a different log.
B) Use Amazon CloudWatch Logs with two log groups, with one for each application, and use an AWS IAM policy to control access to the log groups, as required.
C) Aggregate logs into one file, then use Amazon CloudWatch Logs, and then design two CloudWatch metric filters to filter sensitive data from the logs.
D) Add logic to the application that saves sensitive data logs on the Amazon EC2 instances’ local storage, and write a batch script that logs into the Amazon EC2 instances and moves sensitive logs to a secure location.
In an n-tier architecture, each tier’s security group allows traffic from the security group sending it traffic only. The presentation tier opens traffic for HTTP and HTTPS from the internet. Since security groups are stateful, only inbound rules are required.
Question 6: A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider. Which combination of the following actions should the engineer take to enable users to be authenticated into the web application and call APIs? (Select THREE).
A) Create a custom authorization service using AWS Lambda.
B) Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
C) Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
D) Configure an Amazon Cognito identity pool to integrate with social login providers.
E) Update DynamoDB to store the user email addresses and passwords.
F) Update API Gateway to use an Amazon Cognito user pool authorizer.
ANSWER6:
B, C and F
Notes/Hint6:
When Amazon Cognito receives a SAML assertion, it needs to be able to map SAML attributes to user pool attributes. When configuring Amazon Cognito to receive SAML assertions from an identity provider, you need ensure that the identity provider is configured to have Amazon Cognito as a relying party.Amazon API Gateway will need to be able to understand the authorization being passed from Amazon Cognito, which is a configuration step.
Question 7: A company is hosting a web application on AWS and is using an Amazon S3 bucket to store images. Users should have the ability to read objects in the bucket. A security engineer has written the following bucket policy to grant public read access:
Attempts to read an object, however, receive the error: “Action does not apply to any resource(s) in statement.” What should the engineer do to fix the error?
A) Change the IAM permissions by applying PutBucketPolicy permissions.
B) Verify that the policy has the same name as the bucket name. If not, make it the same.
C) Change the resource section to “arn:aws:s3:::appbucket/*”.
D) Add an s3:ListBucket action.
ANSWER7:
C
Notes/Hint7:
The resource section should match with the type of operation. Change the ARN to include /* at the end, as it is an object operation.
Question 8: A company decides to place database hosts in its own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database. Which network troubleshooting steps should be taken to resolve the issue? (Select TWO.)
A) Check to see if the application servers are in a private subnet or public subnet.
B) Check the route tables for the application server subnets for routes to the VPC peering connection.
C) Check the NACLs for the database subnets for rules that allow traffic from the internet.
D) Check the database security groups for rules that allow traffic from the application servers.
E) Check to see if the database VPC has an internet gateway.
Question 9: A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture:
Data must be encrypted in transit.
Data must be encrypted at rest.
The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.
Which combination of steps would meet the requirements? (Select TWO.)
A) Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.
B) Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.
C) Add a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.
D) Add a bucket policy with aws:SourceIp to allow uploads and downloads from the corporate intranet only.
E) Enable Amazon Macie to monitor and act on changes to the data lake’s S3 bucket.
Question 10: A security engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years. Which steps must be taken to meet the retention needs in a scalable, cost-effective way?
A) Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket with versioning enabled. Set a lifecycle policy to move the data to Amazon Glacier daily, and expire the data after 90 days.
B) Enable AWS CloudTrail logging across all accounts to S3 buckets. Set a lifecycle policy to expire the data in each bucket after 7 years.
C) Enable AWS CloudTrail logging across all accounts to Amazon Glacier. Set a lifecycle policy to expire the data after 7 years.
D) Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket. Set a lifecycle policy to move the data to Amazon Glacier after 90 days, and expire the data after 7 years.
ANSWER10:
D
Notes/Hint10:
Meets all requirements and is cost effective by using lifecycle policies to transition to Amazon Glacier.
Question 11: A security engineer has been informed that a user’s access key has been found on GitHub. The engineer must ensure that this access key cannot continue to be used, and must assess whether the access key was used to perform any unauthorized activities. Which steps must be taken to perform these tasks?
A) Review the user’s IAM permissions and delete any unrecognized or unauthorized resources.
B) Delete the user, review Amazon CloudWatch Logs in all regions, and report the abuse.
C) Delete or rotate the user’s key, review the AWS CloudTrail logs in all regions, and delete any unrecognized or unauthorized resources.
D) Instruct the user to remove the key from the GitHub submission, rotate keys, and re-deploy any instances that were launched.
Question 12: You have a CloudFront distribution configured with the following path patterns: When users request objects that start with ‘static2/’, they are receiving 404 response codes. What might be the problem?
A) CloudFront distributions cannot have multiple different origin types
B) The ‘*’ path pattern must appear after the ‘static2/*’ path
C) CloudFront distributions cannot have origins in different AWS regions
D) The ‘*’ path pattern must appear before ‘static1/*’ path
ANSWER12:
C
Notes/Hint12:
CloudFront distributions cannot have origins in different AWS regions
Question 13: An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?
A) Access the data through an Internet Gateway.”,
B) Access the data through a VPN connection.”,
C) Access the data through a NAT Gateway.”,
D) Access the data through a VPC endpoint for Amazon S3″,
ANSWER13:
D
Notes/Hint13:
VPC endpoints for Amazon S3 provide secure connections to S3 buckets that do not require a gateway or NAT instances. NAT Gateways and Internet Gateways still route traffic over the Internet to the public endpoint for Amazon S3. There is no way to connect to Amazon S3 via VPN.
Question 14: An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data. How can the organization control which networks can access the cluster?
A) Run the cluster in a different VPC and connect through VPC peering
B) Create a database user inside the Amazon Redshift cluster only for users on the network
C) Define a cluster security group for the cluster that allows access from the allowed networks
D) Only allow access to networks that connect with the shared services network via VPN
ANSWER14:
C
Notes/Hint14:
A security group can grant access to traffic from the allowed networks via the CIDR range for each network. VPC peering and VPN are connectivity services and cannot control traffic for security. Amazon Redshift user accounts address authentication and authorization at the user level and have no control over network traffic
Question 15: From a security perspective, what is a principal?
A) An identity
B) An anonymous user
C) An authenticated user
D) A resource
ANSWER15:
B and C
Notes/Hint15:
An anonymous user falls under the definition of a principal. A principal can be an anonymous user acting on a system. An authenticated user falls under the definition of a principal. A principal can be an authenticated user acting on a system
Question 16: A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?
A) Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.
B) Pass the access key to the instances through instance user data.
C) Obtain the access key from a key server launched in a private subnet
D) Create an IAM role with permissions to access the table, and launch all instances with the new role
ANSWER16:
D
Notes/Hint16:
IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret
Question 17: While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using ____.”,
Question 18: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?
A) Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
B) Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
C) Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
D) Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.”,
ANSWER18:
D
Notes/Hint18:
With Envelope Encryption, unencrypted data is encrypted using plaintext Data key. This Data is further encrypted using plaintext Master key. This plaintext Master key is securely stored in AWS KMS & known as Customer Master Keys.
Question 19: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?
A) Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
B) Configure S3 bucket tags with your AWS access keys for your bucket hosting your website so that the application can query them for access.
C) Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
D) Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.
ANSWER2:
C
Notes/Hint19:
With web identity federation, you don’t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don’t have to embed and distribute long-term security credentials with your application. Option A is invalid since Roles cannot be assigned to S3 buckets Options B and D are invalid since the AWS Access keys should not be used
Question 20: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?
A) Cognito Data
B) Cognito Events
C) Cognito Streams
D) Cognito Callbacks
ANSWER20:
C
Notes/Hint20:
Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams
Question 22:Which of the following statements are correct? (Choose 2)
A) The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
B) The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
C) The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
D) The Customer MasterKey is used to encrypt and decrypt plain text files.
ANSWER22:
A and B
Notes/Hint22:
AWS Key Management Service Concepts: The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key, The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
Question 23:Which of the following is an encrypted key used by KMS to encrypt your data
A) Customer Managed Key
B) Encryption Key
C) Envelope Key
D) Customer Master Key
ANSWER23:
C
Notes/Hint23:
Your Data key also known as the Enveloppe key is encrypted using the master key. This approach is known as Envelope encryption. Envelope encryption is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key
Question 26: A Security engineer must develop an AWS Identity and Access Management (IAM) strategy for a company’s organization in AWS Organizations. The company needs to give developers autonomy to develop and test their applications on AWS, but the company also needs to implement security guardrails to help protect itself. The company creates and distributes applications with different levels of data classification and types. The solution must maximize scalability.
Which combination of steps should the security engineer take to meet these requirements? (Choose three.)
A) Create an SCP to restrict access to highly privileged or unauthorized actions to specific AM principals. Assign the SCP to the appropriate AWS accounts.
B) Create an IAM permissions boundary to allow access to specific actions and IAM principals. Assign the IAM permissions boundary to all AM principals within the organization
C) Create a delegated IAM role that has capabilities to create other IAM roles. Use the delegated IAM role to provision IAM principals by following the principle of least privilege.
D) Create OUs based on data classification and type. Add the AWS accounts to the appropriate OU. Provide developers access to the AWS accounts based on business need.
E) Create IAM groups based on data classification and type. Add only the required developers’ IAM role to the IAM groups within each AWS account.
F) Create IAM policies based on data classification and type. Add the minimum required IAM policies to the developers’ IAM role within each AWS account.
Answer: A B and C
Notes:
If you look at the choices, there are three related to SCP, which controls services, and three related to IAM and permissions boundaries.
Limiting services doesn’t help with data classification – using boundaries, policies and roles give you the scalability and can solve the problem.
Question 27: A Network Load Balancer (NLB) target instance is not entering the InService state. A security engineer determines that health checks are failing,
Which factors could cause the health check failures? (Choose three.)
A) The target instance’s security group does not allow traffic from the NLB.
B) The target instance’s security group is not attached to the NLB
C) The NLB’s security group is not attached to the target instance.
D) The target instance’s subnet network ACL does not allow traffic from the NLB.
E) The target instance’s security group is not using IP addresses to allow traffic from the NLB.
F) The target network ACL is not attached to the NLB.
B D and E I believe. You have a one to many relationship based on L3 NLB, and it’s unreachable – well architected would put them in same security group, the traffic would have to be allowed on the port that’s sending and receiving. The host points back to NLB as default gateway. Don’t think other ones fit. Plus BDE is a preferred combo for their tests. I remember it with the acronym big dice envy.
Cryptography: Practice and study of techniques for secure communication in the presence of third parties called adversaries.
Hacking: catch-all term for any type of misuse of a computer to break the security of another computing system to steal data, corrupt systems or files, commandeer the environment or disrupt data-related activities in any way.
Cyberwarfare: Uuse of technology to attack a nation, causing comparable harm to actual warfare. There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists
Penetration testing: Colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.
Malwares: Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
Malware Analysis Tool: Any .Run Malware hunting with live access to the heart of an incident https://any.run/Malware Analysis Total: VirusTotal – Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community https://www.virustotal.com/gui/
VPN: A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, although not an inherent, part of a VPN connection.
Antivirus: Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
DDos: A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack.
Fraud Detection: Set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.
Spywares: Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user; for example by violating their privacy or endangering their device’s security.
Spoofing: Disguising a communication from an unknown source as being from a known, trusted source
Pharming: Malicious websites that look legitimate and are used to gather usernames and passwords.
Catfishing: Creating a fake profile for fraudulent or deceptive purposes
SSL: Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.
Phishing emails: Disguised as trustworthy entity to lure someone into providing sensitive information
Intrusion detection System: Device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
Encryption: Encryption is the method by which information is converted into secret code that hides the information’s true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.
MFA: Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.
Vulnerabilities: A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.
SQL injections: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
Cyber attacks: In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
Confidentiality: Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.
Secure channel: In cryptography, a secure channel is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing, but not necessarily resistant to tampering.
Tunneling: Communications protocol that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.
SSH: Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
SSL Certificates: SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information.
Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Cybercrime: Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation’s security and financial health.
Backdoor: A backdoor is a means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
Salt and Hash: A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords. Salts help us mitigate rainbow table attacks by forcing attackers to re-compute them using the salts.
Password: A password, sometimes called a passcode,[1] is a memorized secret, typically a string of characters, usually used to confirm the identity of a user.[2] Using the terminology of the NIST Digital Identity Guidelines,[3] the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[4] the verifier is able to infer the claimant’s identity.
Fingerprint: A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal.
Facial recognition: Facial recognition works better for a person as compared to fingerprint detection. It releases the person from the hassle of moving their thumb or index finger to a particular place on their mobile phone. A user would just have to bring their phone in level with their eye.
Asymmetric key ciphers versus symmetric key ciphers (Difference between symmetric and Asymmetric encryption): The basic difference between these two types of encryption is that symmetric encryption uses one key for both encryption and decryption, and the asymmetric encryption uses public key for encryption and a private key for decryption.
Decryption: The conversion of encrypted data into its original form is called Decryption. It is generally a reverse process of encryption. It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password.
Algorithms: Finite sequence of well-defined, computer-implementable instructions, typically to solve a class of problems or to perform a computation.
Authentication: is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing’s identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate,[1] determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.
DFIR: Digital forensic and incident response: Multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, an kinds of targets. We’ll discuss those more below.
OTP: One Time Password: A one-time password, also known as one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device
Proxy Server and Reverse Proxy Server:A proxyserver is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverseproxyserver is a type of proxyserver that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server.
Offensive * Exploit Database – The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. https://www.exploit-db.com/
Dark Reading Cyber security’s comprehensive news site is now an online community for security professionals. https://www.darkreading.com/
The Hacker News – The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts. https://thehackernews.com
SecuriTeam – A free and independent source of vulnerability information. https://securiteam.com/
SANS NewsBites – “A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.” Published for free on Tuesdays and Fridays. https://www.sans.org/newsletters/newsbites
SimplyCyber Weekly vids, Simply Cyber brings Information security related content to help IT or Information Security professionals take their career further, faster. Current cyber security industry topics and techniques are explored to promote a career in the field. Topics cover offense, defense, governance, risk, compliance, privacy, education, certification, conferences; all with the intent of professional development. https://www.youtube.com/c/GeraldAuger
HackADay – Hackaday serves up Fresh Hacks Every Day from around the Internet. https://hackaday.com/
TheCyberMentor – Heath Adams uploads regular videos related to various facets of cyber security, from bug bounty hunts to specific pentest methodologies like API, buffer overflows, networking. https://www.youtube.com/c/TheCyberMentor/
Grant Collins – Grant uploads videos regarding breaking into cybersecurity, various cybersecurity projects, building up a home lab amongst many others. Also has a companion discord channel and a resource website. https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA/featured
Risky Business Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. https://risky.biz/
Pauls Security Weekly This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. https://securityweekly.com/category-shows/paul-security-weekly/
Security Now – Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. https://twit.tv/shows/security-now
Daily Information Security Podcast (“StormCast”) Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. https://isc.sans.edu/podcast.html
ShadowTalk Threat Intelligence Podcast by Digital Shadow_. The weekly podcast highlights key findings of primary-source research our Intelligence Team is conducting, along with guest speakers discussing the latest threat actors, campaigns, security events and industry news. https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk
Don’t Panic – The Unit 42 Podcast Don’t Panic! is the official podcast from Unit 42 at Palo Alto Networks. We find the big issues that are frustrating cyber security practitioners and help simplify them so they don’t need to panic. https://unit42.libsyn.com/
Recorded Future Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. https://www.recordedfuture.com/resources/podcast/
The Cybrary Podcast Listen in to the Cybrary Podcast where we discuss a range topics from DevSecOps and Ransomware attacks to diversity and how to retain of talent. Entrepreneurs at all stages of their startup companies join us to share their stories and experience, including how to get funding, hiring the best talent, driving sales, and choosing where to base your business. https://www.cybrary.it/info/cybrary-podcast/
Cyber Life The Cyber Life podcast is for cyber security (InfoSec) professionals, people trying to break into the industry, or business owners looking to learn how to secure their data. We will talk about many things, like how to get jobs, cover breakdowns of hot topics, and have special guest interviews with the men and women “in the trenches” of the industry. https://redcircle.com/shows/cyber-life
Career Notes Cybersecurity professionals share their personal career journeys and offer tips and advice in this brief, weekly podcast from The CyberWire. https://www.thecyberwire.com/podcasts/career-notes
Down the Security Rabbitholehttp://podcast.wh1t3rabbit.net/ Down the Security Rabbithole is hosted by Rafal Los and James Jardine who discuss, by means of interviewing or news analysis, everything about Cybersecurity which includes Cybercrime, Cyber Law, Cyber Risk, Enterprise Risk & Security and many more. If you want to hear issues that are relevant to your organization, subscribe and tune-in to this podcast.
The Privacy, Security, & OSINT Showhttps://podcasts.apple.com/us/podcast/the-privacy-security-osint-show/id1165843330 The Privacy, Security, & OSINT Show, hosted by Michael Bazzell, is your weekly dose of digital security, privacy, and Open Source Intelligence (OSINT) opinion and news. This podcast will help listeners learn some ideas on how to stay secure from cyber-attacks and help them become “digitally invisible”.
Defensive Security Podcasthttps://defensivesecurity.org/ Hosted by Andrew Kalat (@lerg) and Jerry Bell (@maliciouslink), the Defensive Security Podcasts aims to look/discuss the latest security news happening around the world and pick out the lessons that can be applied to keeping organizations secured. As of today, they have more than 200 episodes and some of the topics discussed include Forensics, Penetration Testing, Incident Response, Malware Analysis, Vulnerabilities and many more.
Darknet Diarieshttps://darknetdiaries.com/episode/ Darknet Diaries Podcast is hosted and produced by Jack Rhysider that discuss topics related to information security. It also features some true stories from hackers who attacked or have been attacked. If you’re a fan of the show, you might consider buying some of their souvenirs here (https://shop.darknetdiaries.com/).
Brakeing Down Securityhttps://www.brakeingsecurity.com/ Brakeing Down Security started in 2014 and is hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin. This podcast discusses everything about the Cybersecurity world, Compliance, Privacy, and Regulatory issues that arise in today’s organizations. The hosts will teach concepts that Information Security Professionals need to know and discuss topics that will refresh the memories of seasoned veterans.
Open Source Security Podcasthttps://www.opensourcesecuritypodcast.com/ Open Source Security Podcast is a podcast that discusses security with an open-source slant. The show started in 2016 and is hosted by Josh Bressers and Kurt Siefried. As of this writing, they now posted around 190+ podcasts
Cyber Motherboardhttps://podcasts.apple.com/us/podcast/cyber/id1441708044 Ben Makuch is the host of the podcast CYBER and weekly talks to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox. They tackle topics about famous hackers and researchers about the biggest news in cybersecurity. The Cyber- stuff gets complicated really fast, but Motherboard spends its time fixed in the infosec world so we don’t have to.
Hak5https://shop.hak5.org/pages/videos Hak5 is a brand that is created by a group of security professionals, hardcore gamers and “IT ninjas”. Their podcast, which is mostly uploaded on YouTube discusses everything from open-source software to penetration testing and network infrastructure. Their channel currently has 590,000 subscribers and is one of the most viewed shows when you want to learn something about security networks.
Threatpost Podcast Serieshttps://threatpost.com/category/podcasts/ Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. With an award-winning editorial team produces unique and high-impact content including security news, videos, feature reports and more, with their global editorial activities are driven by industry-leading journalist Tom Spring, editor-in-chief.
CISO-Security Vendor Relationship Podcasthttps://cisoseries.com Co-hosted by the creator of the CISO/Security Vendor Relationship Series, David Spark, and Mike Johnson, in 30 minutes, this weekly program challenges the co-hosts, guests, and listeners to critique, share true stories. This podcast, The CISO/Security Vendor Relationship, targets to enlighten and educate listeners on improving security buyer and seller relationships.
Getting Into Infosec Podcast Stories of how Infosec and Cybersecurity pros got jobs in the field so you can be inspired, motivated, and educated on your journey. – https://gettingintoinfosec.com/
Unsupervised Learning Weekly podcasts and biweekly newsletters as a curated summary intersection of security, technology, and humans, or a standalone idea to provoke thought, by Daniel Miessler. https://danielmiessler.com/podcast/
SECURITY BOOKS:
Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems (O’Reilly) By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield https://landing.google.com/sre/books/
Security Engineering By Ross Anderson – A guide to building dependable distributed systems. (and Ross Anderson is brilliant //OP editorial) https://www.cl.cam.ac.uk/~rja14/book.html
The Cyber Skill Gap By Vagner Nunes – The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! (Use COUPON CODE: W4VSPTW8G7 to make it free) https://payhip.com/b/PdkW
Texas A&M Security Courses The web-based courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power the global economy remain intact and secure. The web-based courses are offered through three discipline-specific tracks: general, non-technical computer users; technical IT professionals; and business managers and professionals. https://teex.org/program/dhs-cybersecurity/
AWS Cloud Certified Get skills in AWS to be more marketable. Training is quality and free. https://www.youtube.com/watch?v=3hLmDS179YE Have to create an AWS account, Exam is $100.
“Using ATT&CK for Cyber Threat Intelligence Training” – 4 hour training The goal of this training is for students to understand the following: at: https://attack.mitre.org/resources/training/cti/
Chief Information Security Officer (CISO) Workshop Training – The Chief Information Security Office (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers. – https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
CLARK Center Plan C – Free cybersecurity curriculum that is primarily video-based or provide online assignments that can be easily integrated into a virtual learning environments https://clark.center/home
Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
M.E. Kabay Free industry courses and course materials for students, teachers and others are welcome to use for free courses and lectures. http://www.mekabay.com/courses/index.htm
Enroll Now Free: PCAP Programming Essentials in Pythonhttps://www.netacad.com/courses/programming/pcap-programming-essentials-python Python is the very versatile, object-oriented programming language used by startups and tech giants, Google, Facebook, Dropbox and IBM. Python is also recommended for aspiring young developers who are interested in pursuing careers in Security, Networking and Internet-of-Things. Once you complete this course, you are ready to take the PCAP – Certified Associate in Python programming. No prior knowledge of programming is required.
Stanford University Webinar – Hacked! Security Lessons from Big Name Breaches 50 minute cyber lecture from Stanford.You Will Learn: — The root cause of key breaches and how to prevent them; How to measure your organization’s external security posture; How the attacker lifecycle should influence the way you allocate resources https://www.youtube.com/watch?v=V9agUAz0DwI
Stanford University Webinar – Hash, Hack, Code: Emerging Trends in Cyber Security Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50 minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
Kill Chain: The Cyber War on America’s Elections (Documentary) (Referenced at GRIMMCON), In advance of the 2020 Presidential Election, Kill Chain: The Cyber War on America’s Elections takes a deep dive into the weaknesses of today’s election technology, an issue that is little understood by the public or even lawmakers. https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections
Intro to Cybersecurity Course (15 hours) Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
Cybersecurity Essentials (30 hours) Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
Pluralsight and Microsoft Partnership to help you become an expert in Azure. With skill assessments and over 200+ courses, 40+ Skill IQs and 8 Role IQs, you can focus your time on understanding your strengths and skill gaps and learn Azure as quickly as possible.https://www.pluralsight.com/partners/microsoft/azure
Blackhat Webcast Series Monthly webcast of varying cyber topics. I will post specific ones in the training section below sometimes, but this is worth bookmarking and checking back. They always have top tier speakers on relevant, current topics. https://www.blackhat.com/html/webcast/webcast-home.html
Federal Virtual Training Environment – US Govt sponsored free courses. There are 6 available, no login required. They are 101 Coding for the Public, 101 Critical Infrastructure Protection for the Public, Cryptocurrency for Law Enforcement for the Public, Cyber Supply Chain Risk Management for the Public, 101 Reverse Engineering for the Public, Fundamentals of Cyber Risk Management. https://fedvte.usalearning.gov/public_fedvte.php
Harrisburg University CyberSecurity Collection of 18 curated talks. Scroll down to CYBER SECURITY section. You will see there are 4 categories Resource Sharing, Tools & Techniques, Red Team (Offensive Security) and Blue Teaming (Defensive Security). Lot of content in here; something for everyone. https://professionaled.harrisburgu.edu/online-content/
OnRamp 101-Level ICS Security Workshop Starts this 4/28. 10 videos, Q&A / discussion, bonus audio, great links. Get up to speed fast on ICS security. It runs for 5 weeks. 2 videos per week. Then we keep it open for another 3 weeks for 8 in total. https://onramp-3.s4xevents.com
HackXOR WebApp CTF Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills. All the missions are based on real vulnerabilities I’ve personally found while doing pentests, bug bounty hunting, and research. https://hackxor.net/
flAWS System Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). Multiple levels, “Buckets” of fun. http://flaws.cloud/
Stanford CS 253 Web Security A free course from Stanford providing a comprehensive overview of web security. The course begins with an introduction to the fundamentals of web security and proceeds to discuss the most common methods for web attacks and their countermeasures. The course includes video lectures, slides, and links to online reading assignments. https://web.stanford.edu/class/cs253
Linux Journey A free, handy guide for learning Linux. Coverage begins with the fundamentals of command line navigation and basic text manipulation. It then extends to more advanced topics, such as file systems and networking. The site is well organized and includes many examples along with code snippets. Exercises and quizzes are provided as well. https://linuxjourney.com
Ryan’s Tutorials A collection of free, introductory tutorials on several technology topics including: Linux command line, Bash scripting, creating and styling webpages with HTML and CSS, counting and converting between different number systems, and writing regular expressions. https://ryanstutorials.net
CYBER INTELLIGENCE ANALYTICS AND OPERATIONS Learn:The ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals. How to employ threat intelligence to conduct comprehensive defense strategies to mitigate potential compromise. How to use TI to respond to and minimize impact of cyber incidents. How to generate comprehensive and actionable reports to communicate gaps in defenses and intelligence findings to decision makers. https://www.shadowscape.io/cyber-intelligence-analytics-operat
Linux Command Line for Beginners 25 hours of training – In this course, you’ll learn from one of Fullstack’s top instructors, Corey Greenwald, as he guides you through learning the basics of the command line through short, digestible video lectures. Then you’ll use Fullstack’s CyberLab platform to hone your new technical skills while working through a Capture the Flag game, a special kind of cybersecurity game designed to challenge participants to solve computer security problems by solving puzzles. Finally, through a list of carefully curated resources through a series of curated resources, we’ll introduce you to some important cybersecurity topics so that you can understand some of the common language, concepts and tools used in the industry. https://prep.fullstackacademy.com/
Hacking 101 6 hours of free training – First, you’ll take a tour of the world and watch videos of hackers in action across various platforms (including computers, smartphones, and the power grid). You may be shocked to learn what techniques the good guys are using to fight the bad guys (and which side is winning). Then you’ll learn what it’s like to work in this world, as we show you the different career paths open to you and the (significant) income you could make as a cybersecurity professional. https://cyber.fullstackacademy.com/prepare/hacking-101
Choose Your Own Cyber Adventure Series: Entry Level Cyber Jobs Explained YouTube Playlist (videos from my channel #simplyCyber) This playlist is a collection of various roles within the information security field, mostly entry level, so folks can understand what different opportunities are out there. https://www.youtube.com/playlist?list=PL4Q-ttyNIRAqog96mt8C8lKWzTjW6f38F
NETINSTRUCT.COM Free Cybersecurity, IT and Leadership Courses – Includes OS and networking basics. Critical to any Cyber job. https://netinstruct.com/courses
HackerSploit – HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. https://hackersploit.org/
Computer Science courses with video lectures Intent of this list is to act as Online bookmarks/lookup table for freely available online video courses. Focus would be to keep the list concise so that it is easy to browse. It would be easier to skim through 15 page list, find the course and start learning than having to read 60 pages of text. If you are student or from non-CS background, please try few courses to decide for yourself as to which course suits your learning curve best. https://github.com/Developer-Y/cs-video-courses?utm_campaign=meetedgar&utm_medium=social&utm_source=meetedgar.com
Cryptography I -offered by Stanford University – Rolling enrollment – Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. https://www.coursera.org/learn/crypto
Software Security Rolling enrollment -offered by University of Maryland, College Park via Coursera – This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. https://www.coursera.org/learn/software-security
Intro to Information Security Georgia Institute of Technology via Udacity – Rolling Enrollment. This course provides a one-semester overview of information security. It is designed to help students with prior computer and programming knowledge — both undergraduate and graduate — understand this important priority in society today. Offered at Georgia Tech as CS 6035 https://www.udacity.com/course/intro-to-information-security–ud459
Cyber-Physical Systems Security Georgia Institute of Technology via Udacity – This course provides an introduction to security issues relating to various cyber-physical systems including industrial control systems and those considered critical infrastructure systems. 16 week course – Offered at Georgia Tech as CS 8803 https://www.udacity.com/course/cyber-physical-systems-security–ud279
Finding Your Cybersecurity Career Path – University of Washington via edX – 4 weeks long – self paced – In this course, you will focus on the pathways to cybersecurity career success. You will determine your own incoming skills, talent, and deep interests to apply toward a meaningful and informed exploration of 32 Digital Pathways of Cybersecurity. https://www.edx.org/course/finding-your-cybersecurity-career-path
Building a Cybersecurity Toolkit – University of Washington via edX – 4 weeks self-paced The purpose of this course is to give learners insight into these type of characteristics and skills needed for cybersecurity jobs and to provide a realistic outlook on what they really need to add to their “toolkits” – a set of skills that is constantly evolving, not all technical, but fundamentally rooted in problem-solving. https://www.edx.org/course/building-a-cybersecurity-toolkit
Cybersecurity: The CISO’s View – University of Washington via edX – 4 weeks long self-paced – This course delves into the role that the CISO plays in cybersecurity operations. Throughout the lessons, learners will explore answers to the following questions: How does cybersecurity work across industries? What is the professionals’ point of view? How do we keep information secure https://www.edx.org/course/cybersecurity-the-cisos-view
Introduction to Cybersecurity – University of Washington via edX – In this course, you will gain an overview of the cybersecurity landscape as well as national (USA) and international perspectives on the field. We will cover the legal environment that impacts cybersecurity as well as predominant threat actors. – https://www.edx.org/course/introduction-to-cybersecurity
Cyber Attack Countermeasures New York University (NYU) via Coursera – This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema. – https://www.coursera.org/learn/cyber-attack-countermeasures
Introduction to Cyber Attacks New York University (NYU) via Coursera – This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. https://www.coursera.org/learn/intro-cyber-attacks
Enterprise and Infrastructure Security New York University (NYU) via Coursera – This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. https://www.coursera.org/learn/enterprise-infrastructure-security
Network Security Georgia Institute of Technology via Udacity – This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas. – https://www.udacity.com/course/network-security–ud199
Real-Time Cyber Threat Detection and Mitigation – New York University (NYU) via Coursera This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. https://www.coursera.org/learn/real-time-cyber-threat-detection
Hey everyone, I’ve started getting into hacking, and would like to know the cheapest but best Wi-Fi cracking/deauthing/hacking adapter. I’m on a fairly tight budget of 20AUD and am willing to compromise if needed. Priority is a card with monitor mode, then cracking capabilities, then deauthing, etc. Thank you guys! By the way, if there are any beginner tips you are willing to give, please let me know!
A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
The web server sends the browser/server a copy of its SSL certificate.
The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
Encrypted data is shared between the browser/server and the web server.
There are many benefits to using SSL certificates. Namely, SSL customers can:
Utilize HTTPs, which elicits a stronger Google ranking
Create safer experiences for your customers
Build customer trust and improve conversions
Protect both customer and internal data
Encrypt browser-to-server and server-to-server communication
Authentication — The process of checking if a user is allowed to gain access to a system. eg. Login forms with username and password.
Authorization — Checking if the authenticated user has access to perform an action. eg. user, admin, super admin roles.
Audit — Conduct a complete inspection of an organization’s network to find vulnerable endpoints or malicious software.
Access Control List — A list that contains users and their level of access to a system.
Aircrack-ng — Wifi penetration testing software suite. Contains sniffing, password cracking, and general wireless attacking tools.
Backdoor — A piece of code that lets hackers get into the system easily after it has been compromised.
Burp Suite — Web application security software, helps test web apps for vulnerabilities. Used in bug bounty hunting.
Banner Grabbing — Capturing basic information about a server like the type of web server software (eg. apache) and services running on it.
Botnet — A network of computers controlled by a hacker to perform attacks such as Distributed Denial of Service.
Brute-Force Attack — An attack where the hacker tries different login combinations to gain access. eg. trying to crack a 9 -digit numeric password by trying all the numbers from 000000000 to 999999999
Buffer Overflow — When a program tries to store more information than it is allowed to, it overflows into other buffers (memory partitions) corrupting existing data.
Cache — Storing the response to a particular operation in temporary high-speed storage is to serve other incoming requests better. eg. you can store a database request in a cache till it is updated to reduce calling the database again for the same query.
Cipher — Cryptographic algorithm for encrypting and decrypting data.
Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.
Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.
Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.
Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.
Dumpster Diving — Looking into a company’s trash cans for useful information.
Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, its called Distributed Denial of Service.
DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.
Directory Traversal — Vulnerability that lets attackers list al the files and folders within a server. This can include system configuration and password files.
Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 216.58.200.142
DNS Spoofing — Trikcnig a system’s DNS to point to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.
Encryption — Encoding a message with a key so that only the parties with the key can read the message.
Exploit — A piece of code that takes advantage of a vulnerability in the target system. eg. Buffer overflow exploits can get you to root access to a system.
Enumeration — Mapping out all the components of a network by gaining access to a single system.
Footprinting — Gathering information about a target using active methods such as scanning and enumeration.
Flooding — Sending too many packets of data to a target system to exhaust its resources and cause a Denial of Service or similar attacks.
Firewall — A software or hardware filter that can be configured to prevent common types of attacks.
Fork Bomb — Forking a process indefinitely to exhaust system resources. Related to a Denial of Service attack.
Fuzzing — Sending automated random input to a software program to test its exception handling capacity.
Hardening — Securing a system from attacks like closing unused ports. Usually done using scripts for servers.
Hash Function — Mapping a piece of data into a fixed value string. Hashes are used to confirm data integrity.
Honey Pot — An intentionally vulnerable system used to lure attackers. This is then used to understand the attacker’s strategies.
HIPAA — The Health Insurance Portability and Accountability Act. If you are working with healthcare data, you need to make sure you are HIPAA compliant. This is to protect the customer’s privacy.
Input Validation — Checking user inputs before sending them to the database. eg. sanitizing form input to prevent SQL injection attacks.
Integrity — Making sure the data that was sent from the server is the same that was received by the client. This ensures there was no tampering and integrity is achieved usually by hashing and encryption.
Intrusion Detection System — A software similar to a firewall but with advanced features. Helps in defending against Nmap scans, DDoS attacks, etc.
IP Spoofing — Changing the source IP address of a packet to fool the target into thinking a request is coming from a legitimate server.
John The Ripper — Brilliant password cracking tool, runs on all major platforms.
Kerberos — Default authorization software used by Microsoft, uses a stronger encryption system.
KeyLogger — A software program that captures all keystrokes that a user performs on the system.
Logic Bombs — A piece of code (usually malicious) that runs when a condition is satisfied.
Light Weight Directory Access Protocol (LDAP) — Lightweight client-server protocol on Windows, central place for authentication. Stores usernames and passwords to validate users on a network.
Malware — Short for “Malicious Software”. Everything from viruses to backdoors is malware.
MAC Address — Unique address assigned to a Network Interface Card and is used as an identifier for local area networks. Easy to spoof.
Multi-factor Authentication — Using more than one method of authentication to access a service. eg. username/password with mobile OTP to access a bank account (two-factor authentication)
MD5 — Widely used hashing algorithm. Once a favorite, it has many vulnerabilities.
Meterpreter — An advanced Metasploit payload that lives in memory and hard to trace.
Null-Byte Injection — An older exploit, uses null bytes (i.e. %00, or 0x00 in hexadecimal) to URLs. This makes web servers return random/unwanted data which might be useful for the attacker. Easily prevented by doing sanity checks.
Network Interface Card(NIC) — Hardware that helps a device connect to a network.
Network Address Translation — Utility that translates your local IP address into a global IP address. eg. your local IP might be 192.168.1.4 but to access the internet, you need a global IP address (from your router).
Nmap — Popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
Netcat — Simple but powerful tool that can view and record data on a TCP or UDP network connections. Since it is not actively maintained, NCat is preferred.
Nikto — A popular web application scanner, helps to find over 6700 vulnerabilities including server configurations and installed web server software.
Nessus — Commercial alternative to NMap, provides a detailed list of vulnerabilities based on scan results.
Packet — Data is sent and received by systems via packets. Contains information like source IP, destination IP, protocol, and other information.
Password Cracking — Cracking an encrypted password using tools like John the Ripper when you don’t have access to the key.
Password Sniffing — Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
Patch — A software update released by a vendor to fix a bug or vulnerability in a software system.
Phishing — Building fake web sites that look remarkably similar to legitimate websites (like Facebook) to capture sensitive information.
Ping Sweep — A technique that tries to ping a system to see if it is alive on the network.
Public Key Cryptography — Encryption mechanism that users a pair of keys, one private and one public. The sender will encrypt a message using your public key which then you can decrypt using your private key.
Public Key Infrastructure — A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. This helps sysadmins verify that a particular public key belongs to a certain authorized entity.
Personally Identifiable Information (PII) — Any information that identified a user. eg. Address, Phone number, etc.
Payload — A piece of code (usually malicious) that performs a specific function. eg. Keylogger.
PCI-DSS — Payment Card Industry Data Security Standard. If you are working with customer credit cards, you should be PCI-DSS compliant.
Ransomware — Malware that locks your system using encryption and asks you to pay a price to get the key to unlock it.
Rainbow Table — Pre calculated password hashes that will help you crack password hashes of the target easily.
Reconnaissance — Finding data about the target using methods such as google search, social media, and other publicly available information.
Reverse Engineering — Rebuilding a piece of software based on its functions.
Role-Based Access — Providing a set of authorizations for a role other than a user. eg. “Managers” role will have a set of permissions while the “developers” role will have a different set of permissions.
Rootkit — A rootkit is a malware that provides unauthorized users admin privileges. Rootkits include keyloggers, password sniffers, etc.
Scanning — Sending packets to a system and gaining information about the target system using the packets received. This involved the 3-way-handshake.
Secure Shell (SSH) — Protocol that establishes an encrypted communication channel between a client and a server. You can use ssh to login to remote servers and perform system administration.
Session — A session is a duration in which a communication channel is open between a client and a server. eg. the time between logging into a website and logging out is a session.
Session Hijacking — Taking over someone else’s session by pretending to the client. This is achieved by stealing cookies and session tokens. eg. after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
Social Engineering — The art of tricking people into making them do something that is not in their best interest. eg. convincing someone to provide their password over the phone.
Secure Hashing Algorithm (SHA) — Widely used family of encryption algorithms. SHA256 is considered highly secure compared to earlier versions like SHA 1. It is also a one-way algorithm, unlike an encryption algorithm that you can decrypt. Once you hash a message, you can only compare with another hash, you cannot re-hash it to its earlier format.
Sniffing — performing man-in-the-middle attacks on networks. Includes wired and wireless networks.
Spam — Unwanted digital communication, including email, social media messages, etc. Usually tries to get you into a malicious website.
Syslog — System logging protocol, used by system administrators to capture all activity on a server. Usually stored on a separate server to retain logs in the event of an attack.
Secure Sockets Layer (SSL) — Establishes an encrypted tunnel between the client and server. eg. when you submit passwords on Facebook, only the encrypted text will be visible for sniffers and not your original password.
Snort — Lightweight open-source Intrusion Detection System for Windows and Linux.
SQL Injection — A type of attack that can be performed on web applications using SQL databases. Happens when the site does not validate user input.
Trojan — A malware hidden within useful software. eg. a pirated version of MS office can contain trojans that will execute when you install and run the software.
Traceroute — Tool that maps the route a packet takes between the source and destination.
Tunnel — Creating a private encrypted channel between two or more computers. Only allowed devices on the network can communicate through this tunnel.
Virtual Private Network — A subnetwork created within a network, mainly to encrypt traffic. eg. connecting to a VPN to access a blocked third-party site.
Virus — A piece of code that is created to perform a specific action on the target systems. A virus has to be triggered to execute eg. autoplaying a USB drive.
Vulnerability — A point of attack that is caused by a bug / poor system design. eg. lack of input validation causes attackers to perform SQL injection attacks on a website.
War Driving — Travelling through a neighborhood looking for unprotected wifi networks to attack.
WHOIS — Helps to find information about IP addresses, its owners, DNS records, etc.
Wireshark — Open source program to analyze network traffic and filter requests and responses for network debugging.
Worm — A malware program capable of replicating itself and spreading to other connected systems. eg. a worm to built a botnet. Unlike Viruses, Worms don’t need a trigger.
Wireless Application Protocol (WAP) — Protocol that helps mobile devices connect to the internet.
Web Application Firewall (WAF) — Firewalls for web applications that help with cross-site scripting, Denial of Service, etc.
Zero-Day — A newly discovered vulnerability in a system for which there is no patch yet. Zero-day vulnerabilities are the most dangerous type of vulnerabilities since there is no possible way to protect against one.
Zombie — A compromised computer, controlled by an attacker. A group of zombies is called a Botnet.
Increased distributed working: With organizations embracing work from home, incremental risks have been observed due to a surge in Bring Your Own Device (BYOD), Virtual Private Network (VPN), Software As A Service (SaaS), O365 and Shadow IT, as it could be exploited by various Man-in-the-Middle (MITM) attack vectors.
Reimagine Business Models: Envisioning new business opportunities, modes of working, and renewed investment priorities. With reduced workforce capability, compounded with skill shortages, staff who are focusing on business as usual tasks can be victimized, via social engineering.
Digital Transformation and new digital infrastructure: With the change in nature for organizations across the industrial and supply chain sector – security is deprioritized. Hardening of the industrial systems and cloud based infrastructure is crucial as cyber threats exploit these challenges via vulnerability available for unpatched systems.
With an extreme volume of digital communication, security awareness is lowered with increased susceptibility. Malicious actors are using phishing techniques to exploit such situations.
Re-evaluate your approach to cyber
Which cyber scenarios your organization appears to be preparing for or is prepared?
Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
The organizations should reflect the following scenarios at a minimum and consider:
Which cyber scenarios your organization appears to be preparing for or is prepared?
Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
To tackle the outcome from the above scenarios, the following measures are the key:
Inoculation through education: Educate and / or remind your employees about –
Your organization’s defense – remote work cyber security policies and best practices
Potential threats to your organization and how will it attack – with a specific focus on social engineering scams and identifying COVID-19 phishing campaigns
Assisting remote employees with enabling MFA across the organization assets
Adjust your defenses: Gather cyber threat intelligence and execute a patching sprint:
Set intelligence collection priorities
Share threat intelligence with other organizations
Use intelligence to move at the speed of the threat
Focus on known tactics, such as phishing and C-suite fraud.
Prioritize unpatched critical systems and common vulnerabilities.
Enterprise recovery: If the worst happens and an attack is successful, follow a staged approach to recovering critical business operations which may include tactical items such as:
Protect key systems through isolation
Fully understand and contain the incident
Eradicate any malware
Implement appropriate protection measures to improve overall system posture
Identify and prioritize the recovery of key business processes to deliver operations
Implement a prioritized recovery plan
Cyber Preparedness and Response: It is critical to optimize the detection capability thus, re-evaluation of the detection strategy aligned with the changing landscape is crucial. Some key trends include:
Secure and monitor your cloud environments and remote working applications
Increase monitoring to identify threats from shadow IT
Analyze behavior patterns to improve detection content
Finding the right cyber security partner: To be ready to respond identify the right partner with experience and skillset in Social Engineering, Cyber Response, Cloud Security, and Data Security.
Critical actions to address
At this point, as the organizations are setting the direction towards the social enterprise, it is an unprecedented opportunity to lead with cyber discussions and initiatives. Organizations should immediately gain an understanding of newly introduced risks and relevant controls by:
Getting a seat at the table
Understanding the risk prioritization:
Remote workforce/technology performance
Operational and financial implications
Emerging insider and external threats
Business continuity capabilities
Assessing cyber governance and security awareness in the new operating environment
Assessing the highest areas of risk and recommend practical mitigation strategies that minimize impact to constrained resources.
Keeping leadership and the Board apprised of ever-changing risk profile
Given the complexity of the pandemic and associated cyber challenges, there is reason to believe that the recovery phase post-COVID-19 will require unprecedented levels of cyber orchestration, communication, and changing of existing configurations across the organization.
CyberSecurity: Protect Yourself on Internet
Use two factor authentication when possible. If not possible, use strong unique passwords that are difficult to guess or crack. This means avoiding passwords that use of common words, your birthdate, your SSN, names and birthdays of close associates, etc.
Make sure the devices you are using are up-to-date and have some form of reputable anti-virus/malware software installed.
Never open emails, attachments, programs unless they are from a trusted source (i.e., a source that can be verified). Also disregard email or web requests that ask you to share your personal or account information unless you are sure the request and requestor are legitimate.
Try to only use websites that are encrypted. To do this, look for either the trusted security lock symbol before the website address and/or the extra “s” at the end of http in the URL address bar.
Avoid using an administrator level account when using the internet.
Only enable cookies when absolutely required by a website.
Make social media accounts private or don’t use social media at all.
Consider using VPNs and encrypting any folders/data that contains sensitive data.
Stay away from using unprotected public Wi-Fi networks.
Social media is genetically engineered in Area 51 to harvest as much data from you as possible. Far beyond just having your name and age and photograph.
Never use the same username twice anywhere, or the same password twice anywhere.
Use Tor/Tor Browser whenever possible. It’s not perfect, but it is a decent default attempt at anonymity.
Use a VPN. Using VPN and Tor can be even better.
Search engines like DuckDuckGo offer better privacy (assuming they’re honest, which you can never be certain of) than Google which, like social media, works extremely hard to harvest every bit of data from you that they can.
Never give your real details anywhere. Certainly not things like your name or pictures of yourself, but even less obvious things like your age or country of origin. Even things like how you spell words and grammatical quirks can reveal where you’re from.
Erase your comments from websites after a few days/weeks. It might not erase them from the website’s servers, but it will at least remove them from public view. If you don’t, you can forget they exist and you never know how or when they can and will be used against you.
With Reddit, you can create an account fairly easily over Tor using no real information. Also, regularly nuke your accounts in case Reddit or some crazy stalker is monitoring your posts to build a profile of who you might be. Source: Reddit
Notable Hackers
Adrian Lamo – gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks.
Albert Gonzales – an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007: the biggest such fraud in history.
Andrew Auernheimer (known as Weev) – Went to jail for using math against AT&T website.
Barnaby Jack – was a New Zealand hacker, programmer and computer security expert. He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage. Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.
Gary McKinnon – a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. 👽🛸
George Hotz aka geohot – “The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
Guccifer 2.0 – a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.
Hector Monsegur (known as Sabu) – an American computer hacker and co-founder of the hacking group LulzSec. He Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups.
Jacob Appelbaum – an American independent journalist, computer security researcher, artist, and hacker. He has been employed by the University of Washington, and was a core member of the Tor project, a free software network designed to provide online anonymity.
James Forshaw – one of the world’s foremost bug bounty huners
Jeanson James Ancheta – On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets.
Jeremy Hammond – He was convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in prison.
John Draper – also known as Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and former legendary phone phreak.
Kimberley Vanvaeck (known as Gigabyte) – a virus writer from Belgium known for a long-standing dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley. Vanvaeck wrote several viruses, including Quis, Coconut and YahaSux (also called Sahay). She also created a Sharp virus (also called “Sharpei”), credited as being the first virus to be written in C#.
Lauri Love – a British activist charged with stealing data from United States Government computers including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
Michael Calce (known as MafiaBoy) – a security expert from Île Bizard, Quebec who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
Mudge – Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
PRAGMA – Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online.
The 414s – The 414s were a group of computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in 1982 and 1983.
The Shadow Brokers – is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products.[6] The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA’s Tailored Access Operations unit.
The Strange History of Ransomware The first ransomware virus predates e-mail, even the Internet as we know it, and was distributed on floppy disk by the postal service. It sounds quaint, but in some ways this horse-and-buggy version was even more insidious than its modern descendants. Contemporary ransomware tends to bait victims using legitimate-looking email attachments — a fake invoice from UPS, or a receipt from Delta airlines. But the 20,000 disks dispatched to 90 countries in December of 1989 were masquerading as something far more evil: AIDS education software.
How to protect sensitive data for its entire lifecycle in AWS
You can protect data in-transit over individual communications channels using transport layer security (TLS), and at-rest in individual storage silos using volume encryption, object encryption or database table encryption. However, if you have sensitive workloads, you might need additional protection that can follow the data as it moves through the application stack. Fine-grained data protection techniques such as field-level encryption allow for the protection of sensitive data fields in larger application payloads while leaving non-sensitive fields in plaintext. This approach lets an application perform business functions on non-sensitive fields without the overhead of encryption, and allows fine-grained control over what fields can be accessed by what parts of the application. Read m ore here…
I Passed AWS Security Specialty SCS-C01 Testimonials
Passing the SCS-C01 AWS Certified Security Specialty exam
I’ve been studying for both DevOps DOP-C01 and Security Specialty SCS-C01 tests but opted to just focus on SCS-C01 since the DevOps exam seems like a tough one to pass. I’m planning to take the DevOps one next but I read that there’s a new DOP-C02 version just came out so I might postpone it until for a couple of months.
This AWS Certified Security Specialty exam is easier than the SAA exam since the main focus is all about security. The official Exam Guide has been my ultimate guide in knowing the particular AWS services to focus for the test. Once I got 90% on all my practice tests attempts from TD, I went ahead and booked my exam.
Here’s a compilation of all the helpful SCS-C01 posts that helped me:
The Exam Readiness: AWS Certified Security Specialty course provides a good summary of all the relevant topics that are about to be asked in the exam. Prepare to see topics in Key Management Infrastructure, IPS/IDS, network security, EKS/ECS container security and many more.
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html This is an update on the attack from Security Affairs, to supplement the initial one I posted at the time the attack was reported. Edit: To clarify I didn't write the article, I'm only posting it as a follow on. submitted by /u/Vengeful-Peasant1847 [link] [comments]
Are there any good, maybe free pw managers that work on windows and android? My fear is even if they store passwords in a cloud db or offline db with all kinds of master passwords, 2FA or further measures, but if some app is hacked on an Android phone (or just a malicious one) it could just "take a screenshot" or similar without knowledge and consent. Once the pw db is unlocked by an enduser to look up a password, another program could hijack somehow? Is that paranoid? Would be great to have like a small pocket vault on keychain that could display my pws when I browse it.. such thing exists? Or anything else considered "most safe/safest"? submitted by /u/malvinorotty [link] [comments]
Hi all, The EU's proposed Cyber Resilience Act is a big deal for anyone involved in hardware and software with digital elements. T o sum it up, it aims to raise the bar on cybersecurity by setting mandatory standards for these products. Think automatic security updates, clear vulnerability reporting, and a focus on secure design throughout a product's lifecycle. This means better protection for consumers and businesses alike! But what are your thoughts? Is the CRA a step in the right direction? Are there any potential downsides? I'm also happy to dive deeper into how companies can get a head start on compliance. The CRA isn't here yet, but there are plenty of proactive changes you can make to future-proof your products. Looking forward for your reactions. PS: comply will be mandatory to maintain and/or start exporting to the EU! submitted by /u/i46_sro [link] [comments]
Anyone ever had to work on this vulnerability? A vendor is requesting a CVE and I don't have a specific one to give him. 4.0 is EOL and my employees are running 4.0 though all endpoints (version 1.24). It seems that it is reccomended to update to a more current and supported versions of MSXML which looks to be 6.0+ What kind of CVE can I send to the vendor because there isn't anything pertaining to just 4.0.. I'm so stressed and confused at this point, I'm not sure what to do. Microsoft XML Parser (MSXML) and XML Core Services Unsupported | Tenable® submitted by /u/xyzal1 [link] [comments]
How many meetings do you usually have in a day? How many times do meet with your manager/CISO? As you can tell, story of life!! submitted by /u/littleknucks [link] [comments]
Still fairly new to cyber and have started working on threat hunting at work and overall have gotten the hang of a lot of things, but still always struggle to produce TTPs that align with the focus of the threat hunt. For example, some of the threat hunts are based on a specific threat actor and I do my research and sometimes will find resources like a CISA Advisory that lays out specific TTPs to be hunted for, but other times I find nothing specific. I found that MITRE is a great place to start, looking at the tactic and techniques relevant to the threat actor but then struggle to actually turn those into a searchable query across our detection tools to be hunted for. Would appreciate any advice or if anyone has any good free resources they use for producing TTPs for threat hunting. submitted by /u/waystar3 [link] [comments]
I’ve seen a fair few comments on here (though I don’t check in regularly), about how pen testing is not for a newbie. Why is that? I’m a mid 30s looking for a change. If you go in at the bottom, complete junior, can it work? (UK) submitted by /u/KisstheCat90 [link] [comments]
I just started going back to college to get an associates degree in Cyber Security while working IT and planned on transfering to get a Bachelor's afterward. Now I am feeling discouraged after seeing posts of people struggling to get hired despite having a degree and experience and the recent press release from the National Cyber Director. Is there any hope for anyone just starting? submitted by /u/asterlives [link] [comments]
I'm considering switching to information security after being in my current software dev role for about 3-4 years now. My schooling is in computer science with a concentration in cyber security, and I'd like to finally be able to use what I learned in college. My question is, with all the targeted attacks and data gathering going on right now, how visible do you set your LinkedIn profile without giving too much away? Currently I have my profile picture set only to 3 connections away, but do I need to make it public? What about the About and Experience sections? I'm hoping to have both recruiters (which I have Open to Work set for those not in my company) and people from other roles notice me more easily. submitted by /u/sonofagenius [link] [comments]
Hi guys, I’m a software engineer looking for a product idea. I pondered the idea of audit/report software with ISO27001 generation and automatic data collection. I have a couple questions: Is there alot of demand for auditing/report solutions? I know drata and vanta are the main players here. For those who use it, are there any issues (big or small) that you have with it on a daily basis? How much do you guys pay for auditing/reporting? Are there any other forms that you need besides ISO27001? submitted by /u/leoforney [link] [comments]
Hi, I'm hoping to familiarize myself with SIEM platforms by setting up a system on my home network. Can someone recommend an open source or trial based installation that I can fiddle around with? Preferably something commonly used in the real world. submitted by /u/Leather-Chef-6550 [link] [comments]
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev.
In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury’s Office of Foreign Assets Control (
Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps
The AWS Certified Advanced Networking – Specialty (ANS-C01) examination is intended for individuals who perform complex networking tasks. This examination validates advanced technical skills and experience in designing and implementing AWS and hybrid IT network architectures at scale.
Domain 1: Design and Implement Hybrid IT Network Architectures at Scale – 23%
Domain 2: Design and Implement AWS Networks – 29%
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
Domain 3: Automate AWS Tasks – 8%
Domain 4: Configure Network Integration with Application Services – 15%
Domain 5: Design and Implement for Security and Compliance – 12%
Domain 6: Manage, Optimize, and Troubleshoot the Network – 13%
Below are the top 20 Top 20 AWS Certified Advanced Networking – Specialty Practice Quiz including Questions and Answers and References –
Question 1: What is the relationship between private IPv4 addresses and Elastic IP addresses?
Question 2: A company’s on-premises network has an IP address range of 11.11.0.0/16. Only IPs within this network range can be used for inter-server communication. The IP address range 11.11.253.0/24 has been allocated for the cloud. A network engineer needs to design a VPC on AWS. The servers within the VPC should be able to communicate with hosts both on the internet and on-premises through a VPN connection. Which combination of configuration steps meet these requirements? (Select TWO.)
A) Set up the VPC with an IP address range of 11.11.253.0/24.
B) Set up the VPC with an RFC 1918 private IP address range (for example, 10.10.10.0/24). Set up a NAT gateway to do translation between 10.10.10.0/24 and 11.11.253.0/24 for all outbound traffic.
C) Set up a VPN connection between a virtual private gateway and an on-premises router. Set the virtual private gateway as the default gateway for all traffic. Configure the on-premises router to forward traffic to the internet.
D) Set up a VPN connection between a virtual private gateway and an on-premises router. Set the virtual private gateway as the default gateway for traffic destined to 11.11.0.0/24. Add a VPC subnet route to point the default gateway to an internet gateway for internet traffic.
E) Set up the VPC with an RFC 1918 private IP address range (for example, 10.10.10.0/24). Set the virtual private gateway to do a source IP translation of all outbound packets to 11.11.0.0/16.
ANSWER2:
A and C
Notes/Hint2:
The VPC needs to use a CIDR block in the assigned range (and be non-overlapping with the data center). All traffic not destined for the VPC is routed to the virtual private gateway (that route is assumed) and must then be forwarded to the internet when it arrives on-premises. B and E are incorrect because they are not in the assigned range (non-RFC 1918 addresses can be used in a VPC). D is incorrect because it directs traffic to the internet through the internet gateway.
Question 3: Tasks running on Amazon EC2 Container Service (Amazon ECS) can use which mode for container networking (allocating an elastic networking interface to each running task, providing a dynamic private IP address and internal DNS name)?
Question 4: A network engineer needs to design a solution for an application running on an Amazon EC2 instance to connect to a publicly accessible Amazon RDS Multi-AZ DB instance in a different VPC and Region. Security requirements mandate that the traffic not traverse the internet. Which configuration will ensure that the instances communicate privately without routing traffic over the internet?
A) Create a peering connection between the VPCs and update the routing tables to route traffic between the VPCs. Enable DNS resolution support for the VPC peering connection. Configure the application to connect to the DNS endpoint of the DB instance.
B) Create a gateway endpoint to the DB instance. Update the routing tables in the application VPC to route traffic to the gateway endpoint.
C) Configure a transit VPC to route traffic between the VPCs privately. Configure the application to connect to the DNS endpoint of the DB instance.
D) Create a NAT gateway in the same subnet as the EC2 instances. Update the routing tables in the application VPC to route traffic through the NAT gateway to the DNS endpoint of the DB instance.
Configuring DNS resolution on the VPC peering connection will allow queries from the application VPC to resolve to the private IP of the DB instance and prevent routing over the internet. B is incorrect because Amazon RDS is not supported by gateway endpoints. C and D are incorrect because the database endpoint will resolve to a public IP and the traffic will go over the internet.
Question 5: Management has decided that your firm will implement an AWS hybrid architecture. Given that decision, which of the following is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS Cloud?
ANSWER5:
B
Notes/Hint5:
AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS Cloud.
Question 6: A company has implemented a critical environment on AWS. For compliance purposes, a network engineer needs to verify that the Amazon EC2 instances are using a specific approved security group and belong to a specific VPC. The configuration history of the instances should be recorded and, in the event of any compliance issues, the instances should be automatically stopped. What should be done to meet these requirements?
A) Enable AWS CloudTrail and create a custom Amazon CloudWatch alarm to perform the required checks. When the CloudWatch alarm is in a failed state, trigger the stop this instance action to stop the noncompliant EC2 instance.
B) Configure a scheduled event with AWS CloudWatch Events to invoke an AWS Lambda function to perform the required checks. In the event of a noncompliant resource, invoke another Lambda function to stop the EC2 instance.
C) Configure an event with AWS CloudWatch Events for an EC2 instance state-change notification that triggers an AWS Lambda function to perform the required checks. In the event of a noncompliant resource, invoke another Lambda function to stop the EC2 instance.
D) Enable AWS Config and create custom AWS Config rules to perform the required checks. In the event of a noncompliant resource, use a remediation action to execute an AWS Systems Manager document to stop the EC2 instance.
ANSWER6:
D
Notes/Hint6:
AWS Config provides a detailed view of the configuration of AWS resources in a user’s AWS account. Using AWS Config rules with AWS Systems Manager Automation documents can automatically remediate noncompliant resources
Question 8: A company is extending its on-premises data center to AWS. Peak traffic is expected to range between 1 Gbps and 2 Gbps. A network engineer must ensure that there is sufficient bandwidth between AWS and the data center to handle peak traffic. The solution should be highly available and cost effective. What should be implemented to address these needs?
A) Deploy a 10 Gbps AWS Direct Connect connection with an IPsec VPN backup.
B) Deploy two 1 Gbps AWS Direct Connect connections in a link aggregation group.
C) Deploy two 1 Gbps AWS Direct Connect connections in a link aggregation group to two different Direct Connect locations.
D) Deploy a 10 Gbps AWS Direct Connect connection to two different Direct Connect locations.
ANSWER8:
C
Notes/Hint8:
Two AWS Direct Connect connections with link aggregation groups in two different Direct Connect locations are required to provide sufficient bandwidth with high availability. If one Direct Connect location experiences a failure, the two Direct Connect connections in the second Direct Connect location will provide backup. All of the other options would be unable to handle the peak traffic if a connection was lost.
Question 10: A network engineer needs to limit access to the company’s Amazon S3 bucket to specific source networks. What should the network engineer do to accomplish this?
A) Create an ACL on the S3 bucket, limiting access to the CIDR blocks of the specified networks.
B) Create a bucket policy on the S3 bucket, limiting access to the CIDR blocks of the specified networks using a condition statement.
C) Create a security group allowing inbound access to the CIDR blocks of the specified networks and apply the security group to the S3 bucket.
D) Create a security group allowing inbound access to the CIDR blocks of the specified networks, create a S3 VPC endpoint, and apply the security group to the VPC endpoint.
ANSWER10:
B
Notes/Hint10:
An Amazon S3 bucket policy that uses a condition statement will support restricting access if the request originates from a specific range of IP addresses. A is incorrect because an S3 ACL does not support IP restrictions. C is incorrect because security groups cannot be applied to S3 buckets. D is incorrect because security groups cannot be applied to an S3 VPC endpoint.
Question 11: AWS Direct Connect has two separate billable charges: port-hours and data transfer. Pricing is per port-hour consumed for each port type. How are partial port-hours handled?
Question 12: A company’s compliance requirements specify that web application logs must be collected and analyzed to identify any malicious activity. A network engineer also needs to monitor for remote attempts to change the network interface of web instances. Which services and configurations will meet these requirements?
A) Install the Amazon CloudWatch Logs agent on the web instances to collect application logs. Use VPC Flow Logs to send data to CloudWatch Logs. Use CloudWatch Logs metric filters to define the patterns to look for in the log data.
B) Configure AWS CloudTrail to log all management and data events to a custom Amazon S3 bucket and Amazon CloudWatch Logs. Use VPC Flow Logs to send data to CloudWatch Logs. Use CloudWatch Logs metric filters to define the patterns to look for in the log data.
C) Configure AWS CloudTrail to log all management events to a custom Amazon S3 bucket and Amazon CloudWatch Logs. Install the Amazon CloudWatch Logs agent on the web instances to collect application logs. Use CloudWatch Logs Insights to define the patterns to look for in the log data.
D) Enable AWS Config to record all configuration changes to the web instances. Configure AWS CloudTrail to log all management and data events to a custom Amazon S3 bucket. Use Amazon Athena to define the patterns to look for in the log data stored in Amazon S3.
ANSWER12:
C
Notes/Hint12:
Web application logs are internal to the operating system, and Amazon CloudWatch Logs Insights can be used to collect and analyze the logs using the CloudWatch agent. AWS CloudTrail monitors all AWS API activity and can be used to monitor particular API calls to identify remote attempts to change the network interface of web instances.
Question 14: A company has an application that processes confidential data. The data is currently stored in an on premises data center. A network engineer is moving workloads to AWS, and needs to ensure confidentiality and integrity of the data in transit to AWS. The company has an existing AWS Direct Connect connection. Which combination of steps should the network engineer perform to set up the most cost-effective connection between the on-premises data center and AWS? (Select TWO.)
A) Attach an internet gateway to the VPC.
B) Configure a public virtual interface on the AWS Direct Connect connection.
C) Configure a private virtual interface to the virtual private gateway.
D) Set up an IPsec tunnel between the customer gateway and a software VPN on Amazon EC2.
E) Set up a Site-to-Site VPN between the customer gateway and the virtual private gateway.
ANSWER14:
B and E
Notes/Hint14:
Setting up a VPN over an AWS Direct Connect connection will secure the data in transit. The steps to do so are: set up a public virtual interface and create the Site-to-Site VPN between the data center and the virtual private gateway using the public virtual interface. A is incorrect because it would send traffic over the public internet. C is not possible because a public virtual interface is needed to announce the VPN tunnel IPs. D is incorrect because it would not take advantage of the already existing Direct Connect connection.
Question 15: A site you are helping create must use Adobe Media Server and the Adobe Real-Time Messaging Protocol (RTMP) to stream media files. When it comes to AWS, an RTMP distribution must use which of the following as the origin?
A) EC2 resolver
B) Route 53 server
C) VPN endpoint
D) S3 bucket
ANSWER15:
D
Notes/Hint15:
An RTMP distribution must use S3 bucket as the origin.
Question 16: A company is creating new features for its ecommerce website. These features will be deployed as microservices using different domain names for each service. The company requires the use of HTTPS for all its public-facing websites. The application requires the client’s source IP. Which combination of actions should be taken to accomplish this? (Select TWO.)
A) Use a Network Load Balancer to distribute traffic to each service.
B) Use an Application Load Balancer to distribute traffic to each service.
C) Configure the application to retrieve client IPs using the X-Forwarded-For header.
D) Configure the application to retrieve client IPs using the X-Forwarded-Host header.
E) Configure the application to retrieve client IPs using the PROXY protocol header.
ANSWER16:
B and C
Notes/Hint16:
An Application Load Balancer supports host-based routing, which is required to route traffic to different microservices based on the domain name. X-Forwarded-For is the correct request header to identify the client’s source IP address.
Question 18: A network engineer is architecting a high performance computing solution on AWS. The system consists of a cluster of Amazon EC2 instances that require low-latency communications between them. Which method will meet these requirements?
A) Launch instances into a single subnet with a size equal to the number of instances required for the cluster.
B) Create a cluster placement group. Launch Elastic Fabric Adapter (EFA)-enabled instances into the placement group.
C) Launch Amazon EC2 instances with the largest available number of cores and RAM. Attach Amazon EBS Provisioned IOPS (PIOPS) volumes. Implement a shared memory system across all instances in the cluster.
D) Choose an Amazon EC2 instance type that offers enhanced networking. Attach a 10 Gbps non-blocking elastic network interface to the instances.
ANSWER18:
B
Notes/Hint18:
Cluster placement groups and Elastic Fabric Adapters (EFAs) are recommended for high performance computing applications that benefit from low network latency, high network throughput, or both. A is incorrect because the size of a subnet has no impact on network performance. C is incorrect because an Amazon EBS volume cannot be shared between Amazon EC2 instances. D is only half the solution because the enhanced networking affects the network behaviour of an EC2 instance but not the network infrastructure between instances.
Question 19: What is the maximum number of security groups that can be associated with each network interface?
A) 1
B) 4
C) 5
D) 3
E) 2
ANSWER2:
C
Notes/Hint19:
The default number of security groups that can be associated with each network interface is 5. The maximum is 16. This quota is enforced separately for IPv4 rules and IPv6 rules.
Question 20: A company’s internal security team receives a request to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly allowed through the corporate firewalls. How can the security team grant this access?
A) Schedule a script to download the Amazon S3 IP prefixes from AWS developer forum announcements. Update the firewall rules accordingly.
B) Schedule a script to download and parse the Amazon S3 IP prefixes from the ip-ranges.json file. Update the firewall rules accordingly.
C) Schedule a script to perform a DNS lookup on Amazon S3 endpoints. Update the firewall rules accordingly.
D) Connect the data center to a VPC using AWS Direct Connect. Create routes that forward traffic from the data center to an Amazon S3 VPC endpoint.
ANSWER20:
B
Notes/Hint20:
The ip-ranges.json file contains the latest list of IP addresses used by AWS. AWS no longer posts IP prefixes in developer forum announcements. DNS lookups would not provide an exhaustive list of possible IP prefixes. D would require transitive routing, which is not possible.
Wi-Fi is a brand name for wireless networking standards. Wi-Fi lets devices communicate by sending and receiving radio waves.
In 1971, the University of Hawaii demonstrated the first wireless data network, known as ALOHAnet. In 1985, the US FCC opened the ISM radio bands for unlicensed transmissions. After 1985, other countries followed, and more people started experimenting. In 1997 and 1999, the IEEE ratified the first international wireless networking standards. They were called 802.11-1997, 802.11b, and 802.11a. The technology was amazing, but the names were not.
In 1999, the brand-consulting firm Interbrand created the logo and suggested Wi-Fi as the name. Wi-Fi was a pun on hi-fi, referring to high-fidelity audio. Wi-Fi was easier to remember than 802.11, and we’ve been stuck with the name since. The official name is Wi-Fi, but most people don’t capitalize it or include the hyphen. Wi-Fi, WiFi, Wifi, wifi, and 802.11 all refer to the same thing. In the early days, Wi-Fi was used as shorthand for Wireless Fidelity, but it isn’t officially short for anything. According to the Wi-Fi Alliance, Wi-Fi is Wi-Fi.
What does Wi-Fi do? How does Wi-Fi work?
Wi-Fi transmits data using microwaves, which are high-frequency radio waves. Wi-Fi is more complicated than FM radio, but the basic underlying technology is the same. They both encode information into radio waves, which are received and decoded. FM radio does this for sound, Wi-Fi does this for computer data. So how can we use radio waves to send sound, or information?
At a basic level, you can think of two people holding a jump rope. One person raises and lowers their arm quickly, creating a wave. With Wi-Fi, this person would represent your Wi-Fi router, or wireless access point. Keeping the same up and down motion is known as a carrier wave. The person on the other end is the client device, such as a laptop or cell phone. When a wireless client joins the network and senses the carrier wave, it starts listening and waits for small differences in the signal.
In our example, you can imagine feeling the jump rope going up and down, and then receiving a single motion to the right. That single motion to the right can be interpreted as a binary number 1. A motion to the left would be a binary 0. Chain enough 1’s and 0’s together and you can represent complicated things, like all the data on this webpage.
It sounds like magic, but it’s not only Wi-Fi that works this way. Bluetooth, 4G, 5G, and most wireless transmissions work by manipulating waves to transfer electrical signals through the air. A deeper, better question than “How does Wi-Fi work?” is “How do wireless transmissions work?”
If you want a better answer, you need to have a basic understanding of a few things:
Fundamental physics of electricity and magnetism
Electromagnetic radiation, radio waves, and antennas
How wired networks transmit data
I tried my best to keep this understandable, and laid out in a way that makes sense. This stuff is complicated, and hard to explain. That is why there are so many bad explanations of how Wi-Fi works out there.
This isn’t going to be a light and breezy discussion. Each of these topics could be an entire college course, so forgive me for simplifying where possible. Use Wikipedia and other resources to fill in the gaps, or to clarify something I glossed over. As always, corrections and feedback are welcomed.
Let’s dive in the deep end and cover the physics first. If you’re not familiar with fundamental physics, Wikipedia is an amazing resource. The key terms highlighted in blue are links to Wikipedia articles which explain further.
Electrical current is a flow of negatively charged electrons through a conductive material, like a wire.
Electrical current flowing through a wire creates a magnetic field. This is how electromagnets work.
In 1867, James Clerk Maxwell discovered that light, magnetism, and electricity are related.
He predicted the existence of electromagnetic waves.
His equations describe how electric and magnetic fields are generated by charges, currents, and other field changes.
This is known as the 2nd great unification of physics, behind Sir Issac Newton.
In 1887, Heinrich Hertz was the first to prove the existence of electromagnetic waves. People thought that was so cool, they used his last name as the unit for a wave’s frequency.
Electromagnetic waves don’t need a medium. They can move through the vacuum of space, for example.
Since visible light is an electromagnetic wave, this is how we can see the sun, or distant stars.
This is also how we heard Neil Armstrong say “One small step for man…” live from the moon.
The warmth you feel from sunlight is due to the radiant energy sunlight contains. All electromagnetic waves have radiant energy.
Examples of electromagnetic waves: Visible light, radio waves, microwaves, infrared, ultraviolet, X-rays, and gamma rays.
Wi-Fi is an example of a radio wave, specifically a microwave. Microwaves are high-energy radio waves.
Electromagnetic Waves
Electromagnetic waves come in a wide range of forms. The type of wave is categorized by wavelength and frequency.
Wavelength is a measure of the distance over which the wave’s shape repeats. In a typical continuous sine wave like Wi-Fi, every time a wave goes from peak to valley to peak, we call that a cycle. The distance it takes to complete one cycle is its wavelength.
Frequency is a measure of how many cycles the wave makes per second. We use Hertz (Hz) as the measure of frequency, 1 Hz is one cycle per second. The more common MHz and GHz are for millions, or billions, of cycles per second.
Imagine waves on a beach. On calm days the waves are small, and come in slowly. On a windy day the waves have more energy, come in faster, and have less distance between them. Higher energy, higher frequency, shorter wavelength. Unlike ocean waves, electromagnetic waves move at the speed of light. Since their speed is constant, their wavelength and frequency are inverse. As wavelength goes up, frequency does down. If you multiply the wavelength and frequency, you will always get the same value — the speed of light, the speed limit of the universe.
You can graph all the various kinds of electromagnetic waves, with the lowest energy on the left, and the highest energy on the right. We call this the electromagnetic spectrum. I’m not going to cover the entire electromagnetic spectrum, since we are mainly interested in Wi-Fi’s microwaves, and how we can use them to send data wirelessly.
Starting from the left, we have the low-energy waves we call radio. Opinions vary, but I’m going with Wikipedia’s broad definition that radio waves cover from 30 Hz, up to 300 GHz. Compared to the rest of the spectrum, radio’s wavelengths are long, their frequency is slow, and energy is low. Within radio waves, there is a separate category we call microwaves.
Microwaves fall within the broader radio wave range. At a minimum, microwaves cover 3 GHz to 30 GHz, but some people say microwaves extend further than that. The specific range depends on who you ask, but generally you can think of Microwaves as high-frequency radio waves.
Microwaves are used in microwave ovens, Bluetooth, Wi-Fi, your cell phone’s 4G or 5G connection, and lots of other wireless data transmissions. Their higher energy, shorter wavelength, and other properties make them better for high-bandwidth transfers than traditional, lower-powered radio waves.
All waves can be modulated by varying either the amplitude (strength), frequency or phase of the wave. This is what allows Wi-Fi, and any other wireless technology, to encode data in a wireless signal.
Wired Networking Transmissions
Before we cover how wireless data transmission works, we need to understand how wired data transmission works. In wired Ethernet networks, we use the copper inside Ethernet cables to transmit electrical signals. The conductive copper transfers the electrical current applied at one end, through the wire, to the other side.
A typical example would be a PC plugged into an Ethernet switch. If the PC wants to transfer information, it converts binary digits to electrical impulses. On, off, on, off. It sends a specific pattern of 1’s and 0’s across the wire, which is received on the other end. Ethernet is the neighborhood street of the networking world. It’s great for getting around the local area, but you’ll need to jump on the highway if you want to go further.
The highway of the networking world is fiber optic cabling. Just like how Ethernet transfers electrical current, we can do the same thing with lasers and fiber optic cables. Fiber optic cables are made of bendable glass, and they provide a path for light to be transmitted. Since fiber optics require lasers, special transceivers are required at each end. Compared to Ethernet, Fiber optic cables have the advantage of having a longer range, and generally a higher capacity.
Fiber optic cabling carries a big portion of global Internet traffic. We have a wide array of fiber optic cabling over land, and sea. Those connections are what allow you to communicate with someone on the other side of the country, or the other side of the world. This is possible because these transmissions happen at the speed of light.
Here’s where things get fun. Just like how Ethernet and fiber optic cabling take an electrical impulse or beam of light from A to B, we can do the same thing with radios, antennas, and radio waves.
Radios, Antennas, and Wireless Networking
Now that we have a rough common understanding of electromagnetic waves and wired data transmission, how can we transmit data wirelessly? The key is an antenna. Antennas convert electricity into radio waves, and radio waves into electricity. A basic antenna consists of two metal rods connected to a receiver or transmitter.
When transmitting, a radio supplies an alternating electric current to the antenna, and the antenna radiates the energy as electromagnetic waves. When receiving, an antenna reverses this process. It intercepts some of the power of a radio wave to produce an electrical current, which is applied to a receiver, and amplified. Receiving antennas capture a fraction of the original signal, which is why distance, antenna design, and amplification are important for a successful wireless transmission.
If you have a properly tuned, powerful antenna, you can send a signal 1000s of kilometers away, or even into space. It’s not just Wi-Fi, this is what makes satellites, radar, radio, and broadcast TV transmissions work too. Pretty cool, right?
How Wi-Fi Works: From Electricity to Information
An intricate pattern of electrons representing computer data flow into your Wi-Fi router, or wireless access point.
The access point sends that pattern of electrons to an antenna, generating an electromagnetic wave.
By alternating between a positive to negative charge, the wire inside of an antenna creates an oscillating electric and magnetic field. These oscillating fields propagate out into space as electromagnetic waves, and are able to be received by anyone in range.
Typical Wi-Fi access points have omnidirectional antennas, which make the wave propagate in all horizontal directions.
This wave travels through the air and hits a receiving antenna which reverses the process, converting the radiant energy in the radio wave back into electricity.
The electric field of the incoming wave pushes electrons back and forth in the antenna, creating an alternating positive and negative charge. The oscillating field induces voltage and current, which flows to the receiver.
The signal is amplified and received, either to the client device or to an Ethernet connection for further routing.
A lot of the wave’s energy is lost along the way.
If the transmission was successful, the electrical impulses should be a good copy of what was sent.
If the transmission wasn’t successful, the data is resent.
When the information is received on the other end, it is treated the same as any other data on the network.
More Fun Wi-Fi Facts
Wi-Fi has redundancy built-in. If you wanted to send “Hello” your access point wouldn’t send an H, an E, an L, an L and a O. It sends multiple characters for each one, just like you would on a static-filled radio or phone call. It will use its equivalent of the phonetic alphabet to send “Hotel”, “Echo”, “Lima”, “Lima”, “Oscar”.
That way, even if you didn’t hear the entire transmission, you are still likely to be able to know that “Hello” was being sent. The level of redundancy varies on signal strength and interference on the channel.
If the signal strength is high, the access point and receiver are able to use a complicated modulation scheme, and encode a lot of data.
If you think about our jump rope analogy from earlier, rather than just left and right, it can divide into 1/4s, 1/8ths, or further. It can also combine the direction of the modulation with strength, or phase of modulation.
The most complex modulation in Wi-Fi 6 is 1024-QAM, which has 1024 unique combinations of amplitude and phase. This results in high throughput, but requires a very strong wireless signal and minimal interference to work effectively.
As your wireless signal weakens, complex modulation can’t be understood. Both devices will step down to a less complex modulation scheme. This is why Wi-Fi slows down as you move away from the access point.
First In a Series: Wi-Fi 101
I plan on writing a whole series of posts about Wi-Fi fundamentals which will cover various topics about Wi-Fi, how to improve your home network, and related issues. If there is something you want me to cover, leave a comment below.
Footnotes
The IEEE, an international standards body, sets the definitions of what Wi-Fi is. They’re the reason we have Wi-Fi standards with names like 802.11n, 802.11ac or 802.11ax. They’ve since renamed the major standards to Wi-Fi 1, 2, 3, 4, 5, and 6. With each generation, Wi-Fi gets better, and there are a lot of details to cover. I’ll cover that in a future post.
Hertz did not realize the practical importance of his experiments. “It’s of no use whatsoever. This is just an experiment that proves Maestro Maxwell was right—we just have these mysterious electromagnetic waves that we cannot see with the naked eye. But they are there.” When asked about the applications of his discoveries, Hertz replied, “Nothing, I guess.”You can pay your respects to this legend by always capitalizing the H in MHz and GHz.
It takes about one second for a radio wave to travel from the Earth to the moon. It’s pretty amazing that over 50 years ago we had the technology to capture sound and images on the moon, turn them into electromagnetic waves, beam them back to Earth, and transmit them around the globe. I guess it’s pretty cool we put a human on the moon, too.
If you keep adding energy to microwaves, you can end up in a unique part of the EM spectrum, visible light. Visible light’s wavelengths are measured in nanometers, and nanometers are really small: a human hair is around 75,000 nanometers wide. Visible light has a wavelength between 380 and 740 nanometers and a frequency between 405 and 790 THz (trillions of cycles per second). It’s hard to wrap your head around, but a lot of foundational physics is, too.
Your eye is reading this page because your computer screen is sending out electromagnetic radiation in the visible light portion of the electromagnetic spectrum. Differences in the wavelength cause your eye to interpret different areas of the page as different colors. A whole lot of brain magic and pattern recognition lets you interpret those color variations as letters and words. If I did my job as a writer, there should also be some meaning behind those words. All from some waves shooting out of your screen. Physics is amazing, Wi-Fi isn’t magic, and writing is telepathy.
Every once in a while I go onto the Deep Space Network site to check on Voyager 1 and 2, and just to see what’s going on in general. Currently the round-trip time to V1 is about 1.69 days with a data rate of 150 bits/second, although I’ve seen it as low as 6 bits/sec. V2 is a bit closer at a mere 11 billion miles or so. It’s amazing to me that the entire space craft runs on 4 Watts. V1 and 2 have both departed the solar system.
Testimonials: I Passed the AWS Certified Advanced Networking Specialty
Passed the AWS Certified Advanced Networking Specialty Exam ANS-C01 2022
I recently passed the AWS Certified Advanced Networking Specialty ANS-C01 exam. I have passed the SysOps and SAA certifications before taking the ANS-C01 exam in the past, but man, this test really is challenging. The scenarios are in multiple paragraph form ( 2 or 3 paragraphs for the scenario) and the options are seemingly valid with a slight difference.
For my exam prep, I recommend using the AWS Skill Builder digital course for fast study of the core networking concepts and then take the Tutorials Dojo mock exams for validation. Read all the explanation and retake the mock exams until you feel confident on the topics. Also focus on some Kubernetes Pod Networking in EKS, Transit Gateway, Direct Connect Gateways, AWS Network Firewall and GuardDuty.
Also read the official exam guide so you know the list of services to focus on. The list of task statements is a gold mine of information. Also read the list of common exam scenarios on TD cheatsheets for final review:
For those who are about to take this exam, I recommend studying seriously for this test. You must really study and know the features of each AWS networking services. Also read up on other success posts in this subreddit, like this one:
Exam guide book by Kam Agahian and group of authors – this just got released and has all you need in a concise manual, it also included 3 practice exams, this is a must buy for future reference and covers ALL current exam topics including container networking, SD-WAN etc.
Stephane Maarek’s Udemy course – it is mostly up-to-date with the main exam topics including TGW, network firewall etc. To the point lectures with lots of hands-on demos which gives you just what you need, highly recommended as well!
Tutorial Dojos practice tests to drive it home – this helped me get an idea of the question wording, so I could train myself to read fast, pick out key words, compare similar answers and build confidence in my knowledge.
Crammed daily for 4 weeks (after work, I have a full time job + family) and went in and nailed it. I do have networking background (15+ years) and I am currently working as a cloud security engineer and I’m working with AWS daily, especially EKS, TGW, GWLB etc.
For those not from a networking background – it would definitely take longer to prep.
What are the corresponding Azure and Google Cloud services for each of the AWS services?
What are unique distinctions and similarities between AWS, Azure and Google Cloud services? For each AWS service, what is the equivalent Azure and Google Cloud service? For each Azure service, what is the corresponding Google Service? AWS Services vs Azure vs Google Services? Side by side comparison between AWS, Google Cloud and Azure Service?
Category: Marketplace Easy-to-deploy and automatically configured third-party applications, including single virtual machine or multiple virtual machine solutions. References: [AWS]:AWS Marketplace [Azure]:Azure Marketplace [Google]:Google Cloud Marketplace Tags: #AWSMarketplace, #AzureMarketPlace, #GoogleMarketplace Differences: They are both digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on their respective cloud platform.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
Tags: #AlexaSkillsKit, #MicrosoftBotFramework, #GoogleAssistant Differences: One major advantage Google gets over Alexa is that Google Assistant is available to almost all Android devices.
Tags: #AmazonLex, #CogintiveServices, #AzureSpeech, #Api.ai, #DialogFlow, #Tensorflow Differences: api.ai provides us with such a platform which is easy to learn and comprehensive to develop conversation actions. It is a good example of the simplistic approach to solving complex man to machine communication problem using natural language processing in proximity to machine learning. Api.ai supports context based conversations now, which reduces the overhead of handling user context in session parameters. On the other hand in Lex this has to be handled in session. Also, api.ai can be used for both voice and text based conversations (assistant actions can be easily created using api.ai).
Category: Big data and analytics: Data warehouse Description: Apache Spark-based analytics platform. Managed Hadoop service. Data orchestration, ETL, Analytics and visualization References: [AWS]:EMR, Data Pipeline, Kinesis Stream, Kinesis Firehose, Glue, QuickSight, Athena, CloudSearch [Azure]:Azure Databricks, Data Catalog Cortana Intelligence, HDInsight, Power BI, Azure Datafactory, Azure Search, Azure Data Lake Anlytics, Stream Analytics, Azure Machine Learning [Google]:Cloud DataProc, Machine Learning, Cloud Datalab Tags:#EMR, #DataPipeline, #Kinesis, #Cortana, AzureDatafactory, #AzureDataAnlytics, #CloudDataProc, #MachineLearning, #CloudDatalab Differences: All three providers offer similar building blocks; data processing, data orchestration, streaming analytics, machine learning and visualisations. AWS certainly has all the bases covered with a solid set of products that will meet most needs. Azure offers a comprehensive and impressive suite of managed analytical products. They support open source big data solutions alongside new serverless analytical products such as Data Lake. Google provide their own twist to cloud analytics with their range of services. With Dataproc and Dataflow, Google have a strong core to their proposition. Tensorflow has been getting a lot of attention recently and there will be many who will be keen to see Machine Learning come out of preview.
Category: Serverless Description: Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. References: [AWS]:AWS Lambda [Azure]:Azure Functions [Google]:Google Cloud Functions Tags:#AWSLAmbda, #AzureFunctions, #GoogleCloudFunctions Differences: Both AWS Lambda and Microsoft Azure Functions and Google Cloud Functions offer dynamic, configurable triggers that you can use to invoke your functions on their platforms. AWS Lambda, Azure and Google Cloud Functions support Node.js, Python, and C#. The beauty of serverless development is that, with minor changes, the code you write for one service should be portable to another with little effort – simply modify some interfaces, handle any input/output transforms, and an AWS Lambda Node.JS function is indistinguishable from a Microsoft Azure Node.js Function. AWS Lambda provides further support for Python and Java, while Azure Functions provides support for F# and PHP. AWS Lambda is built from the AMI, which runs on Linux, while Microsoft Azure Functions run in a Windows environment. AWS Lambda uses the AWS Machine architecture to reduce the scope of containerization, letting you spin up and tear down individual pieces of functionality in your application at will.
Category:Caching Description:An in-memory–based, distributed caching service that provides a high-performance store typically used to offload non transactional work from a database. References: [AWS]:AWS ElastiCache (works as an in-memory data store and cache to support the most demanding applications requiring sub-millisecond response times.) [Azure]:Azure Cache for Redis (based on the popular software Redis. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores.) [Google]:Memcache (In-memory key-value store, originally intended for caching) Tags:#Redis, #Memcached <Differences: They all support horizontal scaling via sharding.They all improve the performance of web applications by allowing you to retrive information from fast, in-memory caches, instead of relying on slower disk-based databases.”, “Differences”: “ElastiCache supports Memcached and Redis. Memcached Cloud provides various data persistence options as well as remote backups for disaster recovery purposes. Redis offers persistence to disk, Memcache does not. This can be very helpful if you cache lots of data, since you remove the slowness around having a fully cold cache. Redis also offers several extra data structures that Memcache doesn’t— Lists, Sets, Sorted Sets, etc. Memcache only has Key/Value pairs. Memcache is multi-threaded. Redis is single-threaded and event driven. Redis is very fast, but it’ll never be multi-threaded. At hight scale, you can squeeze more connections and transactions out of Memcache. Memcache tends to be more memory efficient. This can make a big difference around the magnitude of 10s of millions or 100s of millions of keys. ElastiCache supports Memcached and Redis. Memcached Cloud provides various data persistence options as well as remote backups for disaster recovery purposes. Redis offers persistence to disk, Memcache does not. This can be very helpful if you cache lots of data, since you remove the slowness around having a fully cold cache. Redis also offers several extra data structures that Memcache doesn’t— Lists, Sets, Sorted Sets, etc. Memcache only has Key/Value pairs. Memcache is multi-threaded. Redis is single-threaded and event driven. Redis is very fast, but it’ll never be multi-threaded. At hight scale, you can squeeze more connections and transactions out of Memcache. Memcache tends to be more memory efficient. This can make a big difference around the magnitude of 10s of millions or 100s of millions of keys.
Category: Enterprise application services Description:Fully integrated Cloud service providing communications, email, document management in the cloud and available on a wide variety of devices. References: [AWS]:Amazon WorkMail, Amazon WorkDocs, Amazon Kendra (Sync and Index) [Azure]:Office 365 [Google]:G Suite Tags: #AmazonWorkDocs, #Office365, #GoogleGSuite Differences: G suite document processing applications like Google Docs are far behind Office 365 popular Word and Excel software, but G Suite User interface is intuite, simple and easy to navigate. Office 365 is too clunky. Get 20% off G-Suite Business Plan with Promo Code: PCQ49CJYK7EATNC
Category: Management Description: A unified management console that simplifies building, deploying, and operating your cloud resources. References: [AWS]:AWS Management Console, Trusted Advisor, AWS Usage and Billing Report, AWS Application Discovery Service, Amazon EC2 Systems Manager, AWS Personal Health Dashboard, AWS Compute Optimizer (Identify optimal AWS Compute resources) [Azure]:Azure portal, Azure Advisor, Azure Billing API, Azure Migrate, Azure Monitor, Azure Resource Health [Google]:Google CLoud Platform, Cost Management, Security Command Center, StackDriver Tags: #AWSConsole, #AzurePortal, #GoogleCloudConsole, #TrustedAdvisor, #AzureMonitor, #SecurityCommandCenter Differences: AWS Console categorizes its Infrastructure as a Service offerings into Compute, Storage and Content Delivery Network (CDN), Database, and Networking to help businesses and individuals grow. Azure excels in the Hybrid Cloud space allowing companies to integrate onsite servers with cloud offerings. Google has a strong offering in containers, since Google developed the Kubernetes standard that AWS and Azure now offer. GCP specializes in high compute offerings like Big Data, analytics and machine learning. It also offers considerable scale and load balancing – Google knows data centers and fast response time.
Build and connect intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Office 365 mail, Twitter, and other popular services.
Enables both Speech to Text, and Text into Speech capabilities. The Speech Services are the unification of speech-to-text, text-to-speech, and speech-translation into a single Azure subscription. It’s easy to speech enable your applications, tools, and devices with the Speech SDK, Speech Devices SDK, or REST APIs. Amazon Polly is a Text-to-Speech (TTS) service that uses advanced deep learning technologies to synthesize speech that sounds like a human voice. With dozens of lifelike voices across a variety of languages, you can select the ideal voice and build speech-enabled applications that work in many different countries. Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications. Using the Amazon Transcribe API, you can analyze audio files stored in Amazon S3 and have the service return a text file of the transcribed speech.
Computer Vision: Extract information from images to categorize and process visual data. Amazon Rekognition is a simple and easy to use API that can quickly analyze any image or video file stored in Amazon S3. Amazon Rekognition is always learning from new data, and we are continually adding new labels and facial recognition features to the service.
Face: Detect, identy, and analyze faces in photos.
The Virtual Assistant Template brings together a number of best practices we’ve identified through the building of conversational experiences and automates integration of components that we’ve found to be highly beneficial to Bot Framework developers.
Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Create, schedule, orchestrate, and manage data pipelines.
Virtual servers allow users to deploy, manage, and maintain OS and server software. Instance types provide combinations of CPU/RAM. Users pay for what they use with the flexibility to change sizes.
Allows you to automatically change the number of VM instances. You set defined metric and thresholds that determine if the platform adds or removes instances.
Redeploy and extend your VMware-based enterprise workloads to Azure with Azure VMware Solution by CloudSimple. Keep using the VMware tools you already know to manage workloads on Azure without disrupting network, security, or data protection policies.
Azure Container Instances is the fastest and simplest way to run a container in Azure, without having to provision any virtual machines or adopt a higher-level orchestration service.
Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console.
Fully managed service that enables developers to deploy microservices applications without managing virtual machines, storage, or networking. AWS App Mesh is a service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. App Mesh standardizes how your services communicate, giving you end-to-end visibility and ensuring high-availability for your applications.
Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. AWS Lambda is an event-driven, serverless computing platform provided by Amazon as a part of the Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code
Managed relational database service where resiliency, scale, and maintenance are primarily handled by the platform. Amazon Relational Database Service is a distributed relational database service by Amazon Web Services. It is a web service running “in the cloud” designed to simplify the setup, operation, and scaling of a relational database for use in applications. Administration processes like patching the database software, backing up databases and enabling point-in-time recovery are managed automatically. Scaling storage and compute resources can be performed by a single API call as AWS does not offer an ssh connection to RDS instances.
An in-memory–based, distributed caching service that provides a high-performance store typically used to offload non transactional work from a database. Amazon ElastiCache is a fully managed in-memory data store and cache service by Amazon Web Services. The service improves the performance of web applications by retrieving information from managed in-memory caches, instead of relying entirely on slower disk-based databases. ElastiCache supports two open-source in-memory caching engines: Memcached and Redis.
Migration of database schema and data from one database format to a specific database technology in the cloud. AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases.
Comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. AWS X-Ray is an application performance management service that enables a developer to analyze and debug applications in the Amazon Web Services (AWS) public cloud. A developer can use AWS X-Ray to visualize how a distributed application is performing during development or production, and across multiple AWS regions and accounts.
A cloud service for collaborating on code development. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. AWS CodeCommit is a source code storage and version-control service for Amazon Web Services’ public cloud customers. CodeCommit was designed to help IT teams collaborate on software development, including continuous integration and application delivery.
Collection of tools for building, debugging, deploying, diagnosing, and managing multiplatform scalable apps and services. The AWS Developer Tools are designed to help you build software like Amazon. They facilitate practices such as continuous delivery and infrastructure as code for serverless, containers, and Amazon EC2.
Built on top of the native REST API across all cloud services, various programming language-specific wrappers provide easier ways to create solutions. The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
Configures and operates applications of all shapes and sizes, and provides templates to create and manage a collection of resources. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated IT tasks. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
Provides an isolated, private environment in the cloud. Users have control over their virtual networking environment, including selection of their own IP address range, creation of subnets, and configuration of route tables and network gateways.
Connects Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). Allows end users to connect to Azure services through VPN tunneling (Point To Site).
A service that hosts domain names, plus routes users to Internet applications, connects user requests to datacenters, manages traffic to apps, and improves app availability with automatic failover.
Application Gateway is a layer 7 load balancer. It supports SSL termination, cookie-based session affinity, and round robin for load-balancing traffic.
Azure Digital Twins is an IoT service that helps you create comprehensive models of physical environments. Create spatial intelligence graphs to model the relationships and interactions between people, places, and devices. Query data from a physical space rather than disparate sensors.
Provides analysis of cloud resource configuration and security so subscribers can ensure they’re making use of best practices and optimum configurations.
Allows users to securely control access to services and resources while offering data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources.
Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale, no matter what type of subscriptions you have.
Helps you protect and safeguard your data and meet your organizational security and compliance commitments.
Key Management Service AWS KMS, CloudHSM | Key Vault
Provides security solution and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSM).
Provides inbound protection for non-HTTP/S protocols, outbound network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S.
An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices.
Object storage service, for use cases including cloud applications, content distribution, backup, archiving, disaster recovery, and big data analytics.
Provides a simple interface to create and configure file systems quickly, and share common files. Can be used with traditional protocols that access files over a network.
Easily join your distributed microservice architectures into a single global application using HTTP load balancing and path-based routing rules. Automate turning up new regions and scale-out with API-driven global actions, and independent fault-tolerance to your back end microservices in Azure—or anywhere.
Cloud technology to build distributed applications using out-of-the-box connectors to reduce integration challenges. Connect apps, data and devices on-premises or in the cloud.
Serverless technology for connecting apps, data and devices anywhere, whether on-premises or in the cloud for large ecosystems of SaaS and cloud-based connectors.
Azure Stack is a hybrid cloud platform that enables you to run Azure services in your company’s or service provider’s datacenter. As a developer, you can build apps on Azure Stack. You can then deploy them to either Azure Stack or Azure, or you can build truly hybrid apps that take advantage of connectivity between an Azure Stack cloud and Azure.
Basically, it all comes down to what your organizational needs are and if there’s a particular area that’s especially important to your business (ex. serverless, or integration with Microsoft applications).
Some of the main things it comes down to is compute options, pricing, and purchasing options.
Here’s a brief comparison of the compute option features across cloud providers:
Here’s an example of a few instances’ costs (all are Linux OS):
Each provider offers a variety of options to lower costs from the listed On-Demand prices. These can fall under reservations, spot and preemptible instances and contracts.
Both AWS and Azure offer a way for customers to purchase compute capacity in advance in exchange for a discount: AWS Reserved Instances and Azure Reserved Virtual Machine Instances. There are a few interesting variations between the instances across the cloud providers which could affect which is more appealing to a business.
Another discounting mechanism is the idea of spot instances in AWS and low-priority VMs in Azure. These options allow users to purchase unused capacity for a steep discount.
With AWS and Azure, enterprise contracts are available. These are typically aimed at enterprise customers, and encourage large companies to commit to specific levels of usage and spend in exchange for an across-the-board discount – for example, AWS EDPs and Azure Enterprise Agreements.
You can read more about the differences between AWS and Azure to help decide which your business should use in this blog post
Office 365 and G Suite give you professional email, cloud storage, mailing list and fast access from anywhere using a browser.
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more codes)
I use both, but G suite still has an edge over all their other competitors for me.
My problem with Office 365 is that its email interface is heavy and can be confusing. Try adding an alias to forward to your main email using Office 365 and get back to me.
G suite email interface is well, Gmail: the best email system ever created.
Allows you to access documents in the cloud with over 30GB of storage
Helps you work faster from anywhere and from any device
G Suite Pros: * All useful apps to manage your small business in one place from same provider with 24/7 support * Slick and extremely fast apps like gmail, google groups * You can set them up yourself with no knowledge of IT * Cost efficient * Easy to use as most people already use gmail and other google products.
Gmail: Send and receive mail using your professional address, as in bob@yourcompany.com
Calendar: Share calendars to easily schedule meetings and events
Docs: Collaborate in real-time on online documents, spreadsheets, and presentations
Drive: Store and back up files securely in the cloud
Hangouts: Join video meetings from their laptop or other device
Administrative controls
Your administrative or IT team can also:
Manage user accounts and security settings from a central Admin console
Control user access to features and services
Remotely manage your mobile fleet
Track usage trends via audits and reports
Receive 24/7 support from G Suite experts
Unlimited storage
With G Suite Business, each user in your organization can store unlimited Gmail messages, Google Photos, and files in Drive. Or if there are 4 or fewer users in your organization, each user gets 1 TB of storage.
Company-wide search
Users can also use Google Cloud Search to:
Search for company content across Gmail, Docs, Calendar, and their other G Suite services
Receive useful information and suggestions from assist cards
With shared drives, files belong to a team instead of an individual. If members leave, files stay where they are so the team can continue to share information and get work done. Learn more
Advanced administrator controls
Archiving with Vault
Use Vault to retain, archive, search, and export your organization’s data for eDiscovery and compliance needs. Learn more
One of the biggest advantages of Office 365 is the ability to work from anywhere as long as you have an internet connection. Because it’s entirely cloud-based, you can access your email, files and Office programs (Word, PowerPoint, Excel) from any location and any device.
Multiple, flexible plans tailored to businesses
Advanced Security : It is a feature that provides extra protection from sophisticated threats that may be hidden in emails and attachments. Users are also provided with additional security features such as two-factor authentication
Cons of Office 365:
Relying on network and bandwidth. If your Internet provider goes down, then you haven’t any access to your enterprise software and data. Microsoft does not control how you access the Internet and, therefore, cannot account for any failures.
The user interface for email is heavy and cumbersome.
Today I Learned (TIL) You learn something new every day; what did you learn today? Submit interesting and specific facts about something that you just found out here.
Reddit Science This community is a place to share and discuss new scientific research. Read about the latest advances in astronomy, biology, medicine, physics, social science, and more. Find and submit new publications and popular science coverage of current research.