AWS CCP

What do Resource Groups rely on to group your resources?

Tags. You can assign metadata to your AWS resources in the form of tags. Tags can help you manage, identify, organize, search for, and filter resources.

EBS Volumes CANNOT be attached to multiple EC2 Instances. True or False

TRUE. EBS Volumes can be attached to only one EC2 Instance, but EC2 Instances can have multiple EBS Volumes attached to them.

AWS Service Health Dashboard

Shows high-level health of services across all AWS Regions.

In Amazon EC2, which pricing construct adjusts its price based on supply and demand of EC2 instances?

Spot Instance

Elastic IP address

Static IP address

Amazon CloudWatch billing metric data is stored in which AWS Region?

US East (N. Virginia) - us-east-1

An IT company has a hybrid cloud architecture and it wants to centralize the server logs for its EC2 instances and on-premises servers. Which of the following is the MOST effective for this use-case?

Use CloudWatch Logs for both EC2 and on-prem servers

Which of the following policies grant the necessary permissions required to access your Amazon S3 resources? (Select TWO)

User policies, Bucket policies

S3 Transfer Acceleration

Utilizes the CloudFront Edge Network to accelerate your uploads & downloads to S3.

Vertical Scaling Horizontal Scaling

Vertical Scaling: Increase instance size (= scale up / down)
Horizontal Scaling: Increase number of instances (= scale out / in)
• Auto Scaling Group
• Load Balancer

AWS Snowball Edge

a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities

Which of the following AWS entities provides the information required to launch an EC2 instance?

AMI

A company would like to centrally manage access to multiple AWS accounts and business applications. Which service can it use?

AWS SSO is an AWS service that makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place.

Which of the following services allows you to easily migrate petabyte-scale data to AWS?

AWS Snowball

You need a unified user interface that gives you visibility, control, and patching capabilities for your EC2 Instances on AWS, as well as for servers running in your on-premises data centers. Which service should you use?

AWS Systems Manager

A company is planning to adopt a hybrid cloud architecture with AWS. Which of the following can they use to assist them in estimating their costs?

AWS Total Cost of Ownership (TCO) Calculator (migration cost to AWS)
AWS Simple Monthly Calculator or Pricing Calculator (cost of actual solution architecture on AWS)

Transit Gateway

AWS Transit Gateway connects 100s of VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router.

AWS Transit Gateway

AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router

An IT company is on a cost-optimization spree and wants to identify all EC2 instances that are under-utilized. Which AWS service can be used to address this use-case?

AWS Trusted Advisor

AWS X-Ray

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. Collect traces, Record Traces, View Service Maps & analyze issues.

Personal Health Dashboard

AWS events that impact your infrastructure

Which of the following are correct statements regarding the AWS Shared Responsibility Model? (Select two)

AWS is responsible for Security "of" the Cloud
For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system, and platforms

AWS KMS (Key Management Service)

AWS manages encryption keys for us.

Virtual Private Gateway (VPG)

AWS must use a VPG for Site-to-Site VPN

Cost allocation tags

AWS uses these tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs

Amazon Macie discovers and protects your sensitive data on which of the following AWS services?

Amazon Simple Storage Service (Amazon S3)

Which of the following AWS services is an example of Software as a Service (SaaS)?

Amazon Simple Storage Service (Amazon S3)

Users from different parts of the globe are complaining about the slow performance of the newly launched photo-sharing website in loading their high-resolution images. Which combination of AWS services should you use to serve the files with lowest possible latency?

Amazon S3, Amazon CloudFront

What service provides the lowest-cost storage option for retaining database backups which also allows occasional data retrieval in minutes?

Amazon S3 Glacier
S3 Glacier Deep Archive (LOWEST COST, 7-10 YEARS)

RDS (Relational Database Services)

Amazon's relational database service

How can you apply and easily manage the common access permissions to a large number of IAM users in AWS?

Attach the necessary policies or permissions required to a new IAM Group then afterwards, add the IAM Users to the IAM group.

CloudTrail

Audit API calls made within your AWS account

Rekognition

Automate your image and video analysis with machine learning. Use case: identify objects in a photo

Inspector

Automated security assessment on EC2 instances- vulnerabilities (Security Benchmarks)

CloudFormation (CFN)

Automates resource provisioning using templates or infrastructure-as-code templates

A company is using Amazon S3 to store their static media contents such as photos and videos. Which of the following should you use to provide specific users access to the bucket?

Bucket Policy

What is the most cost-effective option to have 24x7 phone, email, and chat support?

Business Support Plan is the most cost-effective option that offers 24x7 phone, email, and chat support.

Full Trusted Advisor

Business and Enterprise support plans only
- Ability to set CloudWatch alarms
- Programmatic access using AWS Support API

ElastiCache

data caching service/ use to store the results of I/O-intensive SQL database queries to improve application performance /in-memory database with high-performance and low latency/ Redis or Memcached

Direct Connect (DX)

dedicated network connection from your premises to AWS (Private)

Amazon Simple Queue Service (SQS)

distributed messaging system/ Provides managed message queues/de-couple / Pull based system Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Athena

Interactive serverless query service to analyse data

AWS Storage Gateway

is a hybrid storage service that enables your on-premises applications to seamlessly use storage in the AWS Cloud. You can use the service for backup and archiving, disaster recovery, cloud bursting, storage tiering, and migration.

Amazon Macie

is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

Kinesis

streaming service, ideal for dashboards and large scale real time analytics

Systems Manager (SSM)

this service just provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources/ Patch EC2 instances or on prem servers /run commands across all servers /configure servers

X-Ray

trace requests made through your distributed applications/ helps developers analyze and debug production as well as distributed applications

Cognito

user sign-up, sign-in & access control for web and mobile apps (eg FB, Google)

QuickSight

visualise the billing data as graphs/ BI

Redshift

Cloud data warehouse, Columnar DB, petabyte warehouse /online analytical processing

Deployment (summary)

CloudFormation: (AWS only)
• Infrastructure as Code, works with almost all of AWS resources
• Repeat across Regions & Accounts
Beanstalk: (AWS only)
• Platform as a Service (PaaS), limited to certain programming languages or Docker
• Deploy code consistently with a known architecture: ex, ALB + EC2 + RDS
CodeDeploy (hybrid): deploy & upgrade any application onto servers
Systems Manager (hybrid): patch, configure and run commands at scale
OpsWorks (hybrid): managed Chef and Puppet in AWS

Global services in AWS

CloudFront, Route 53, IAM, WAF

Amazon Lightsail

Great for people with little cloud experience
Low & predictable pricing

Which AWS Support plan provides general architectural guidance on how services can be used for various use-cases, workloads, or applications?

Developer

Which AWS services support High Availability by default? (Select two)

DynamoDB, EFS

What is an EBS Volume tied to?

EBS Volumes are tied to only one availability zone.

EC2 Instance Store

EC2 Instance Store has a better I/O performance, but data is lost if: the EC2 instance is stopped or terminated, or when the underlying disk drive fails.

Which EC2 Storage would you use to create a shared network file system for your EC2 Instances?

EFS. Amazon EFS is a fully managed service that makes it easy to set up, scale, and cost-optimize file storage in the Amazon Cloud.

Amazon Glue

ETL service = Extract, Transform, Load

AWS Fargate

Fargate: Serverless, runs Docker containers
ECS: Runs Docker but you need to provision servers (EC2)

ECS (Elastic Container Service)

It's a managed container based compute service. Amazon ECS is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.

Shield

Managed DDoS protection service.
AWS Shield Advanced offers protection against higher fees that could result from a DDoS attack.

Simple Notification Service (SNS)

Messaging service triggered by certain events/ Pub-Sub system/ Push based system

What are Objects NOT composed of?

KEY+VALUE+METADATA

Which of the following should you use to automatically transfer your infrequently accessed data in your S3 bucket to a more cost-effective storage class?

Lifecycle policy. You can use lifecycle policies in S3 to automatically move your infrequently accessed data to a more cost-effective storage class such as S3-IA or Glacier.

Which of the following are the best practices that can help secure your AWS resources using the AWS Identity and Access Management (IAM) service? (Select TWO)

- Lock Away Your AWS Account Root User Access Keys
- Create Individual IAM Users
- Use Groups to Assign Permissions to IAM Users
- Grant Least Privilege
- Get Started Using Permissions with AWS Managed Policies
- Use Customer Managed Policies Instead of Inline Policies
- Use Access Levels to Review IAM Permissions
- Configure a Strong Password Policy for Your Users
- Enable MFA
- Use Roles for Applications That Run on Amazon EC2 Instances
- Use Roles to Delegate Permissions
- Do Not Share Access Keys
- Rotate Credentials Regularly
- Remove Unnecessary Credentials
- Use Policy Conditions for Extra Security
- Monitor Activity in Your AWS Account

Security Best Practices in IAM

- Lock Away Your AWS Account Root User Access Keys
- Create Individual IAM Users
- Use Groups to Assign Permissions to IAM Users
- Grant Least Privilege
- Get Started Using Permissions with AWS Managed Policies
- Use Customer Managed Policies Instead of Inline Policies
- Use Access Levels to Review IAM Permissions
- Configure a Strong Password Policy for Your Users
- Enable MFA
- Use Roles for Applications That Run on Amazon EC2 Instances
- Use Roles to Delegate Permissions
- Do Not Share Access Keys
- Rotate Credentials Regularly
- Remove Unnecessary Credentials
- Use Policy Conditions for Extra Security
- Monitor Activity in Your AWS Account

In the VPC dashboard of your AWS Management Console, which of the following services or feature below can you manage?

Network ACLs, Security Groups

Which of the following is best suited for load balancing Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic including the capability of handling millions of requests per second while maintaining ultra-low latencies?

Network Load Balancer

CloudTrail

Logs all API calls; (Who we can blame)

What is the best type of instance purchasing option to choose if you will run an EC2 instance for 3 months to perform a job that is uninterruptible?

On-Demand

EFS (Elastic File System)

Network-based file system. EC2 instances can access files on an EFS file system across many Availability Zones, regions and VPCs.

CloudWatch

• Metrics: monitor the performance of AWS services and billing metrics
• Alarms: automate notification, perform EC2 action, notify to SNS based on metric
• Logs: collect log files from EC2 instances, servers, Lambda functions...
• Events (or EventBridge): react to events in AWS, or trigger a rule on a schedule

What is the minimum number of Availability Zones that you should set up for your Application Load Balancer in order to create a highly available architecture?

2

Which EC2 Purchasing Option should you use for an application you plan on running on a server continuously for 1 year?

Reserved Instances are good for long workloads. You can reserve instances for 1 or 3 years.

AWS Secrets Manager

Rotate, manage and retrieve secrets/passwords in RDS

Which features are available with Route 53?

Route 53 features are (non exhaustive list): Domain Registration, DNS, Health Checks, Routing Policy

Elastic Beanstalk

Run and manage web apps. The developer uploads code (e.g. Python) and runs it (PaaS)

Data encryption is automatically enabled for which of the following AWS services? (Select two)

S3 Glacier: Data at rest is automatically server-side encrypted
Storage Gateway: AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. All data transferred between the gateway and AWS storage is encrypted using SSL
CloudTrail logs

Which S3 storage class offers the lowest availability?

S3 One Zone-IA. S3 One Zone-IA is for data that is accessed less frequently but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ.

Which of the following is the best way to protect your data from accidental deletion on Amazon S3?

S3 Versioning. Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket.

Which pricing model allows you to minimize risks, predictably manage budgets and comply with long-term requirements, and is available for EC2, DynamoDB, ElastiCache, RDS, and Redshift?

Save when you reserve. Reservations are available for EC2 Reserved Instances, DynamoDB Reserved Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved Nodes. Reservations allow you to minimize risks, predictably manage budgets and comply with long-term requirements.

_______ is a cloud design principle which supports growth in users, traffic, or data size with no drop-in performance.

Scalability

Which of the following best describes the concept of the loose coupling design principle?

A change or a failure in one component should not cascade to other components.

____________ team has AWS billing and account experts

Concierge Support

Amazon S3 is designed for (____ 9's) of durability

99.999999999% (11 9's) of durability

Which of the following IAM identities is associated with the access keys via the AWS Command Line Interface (AWS CLI)?

<IAM User>-Access keys are long-term credentials for an IAM user

Consolidated Billing advantages are

One bill: You get one bill for multiple accounts.
Easy tracking: Track charges across multiple accounts and download the combined cost and usage data.
Combined usage: Volume pricing discounts and Reserved Instance discounts.
No extra fee

What services will help you create a highly available and scalable web app in the cloud? (Select TWO)

AWS ELB, Amazon EC2 Auto Scaling

What is the name of a central repository to store structural and operational metadata for data assets in AWS Glue?

AWS Glue Data Catalog

Which service will allow you to group together users who perform a similar function and apply function-specific privileges?

AWS IAM

Which of the following services are part of the AWS serverless platform that does not require provisioning, maintaining, and administering servers for backend components? (Select TWO)

AWS Lambda, Lambda@Edge, Amazon API Gateway, AWS Fargate, S3, DynamoDB, EFS, Aurora, SNS, SQS, Step Functions, Kinesis, Athena

Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO)

AWS Management Console, AWS CloudFormation

AWS OpsWorks

AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.

_________________________ helps customers design, architect, migrate, or build new applications on AWS

AWS Partner Network Consulting Partners

_____________________ provide software solutions that are either hosted on, or integrated with, the AWS platform

AWS Partner Network Technology Partners

Which service does AWS use to notify you when AWS is experiencing events that may impact you?

AWS Personal Health Dashboard (PHD)

_________________________ created the AWS Cloud Adoption Framework (AWS CAF) to help organizations design and travel an accelerated path to successful cloud adoption

AWS Professional Services

You are permitted to conduct security assessments and penetration testing without prior approval against which AWS resources? (Select TWO)

Amazon RDS, Amazon Aurora
Permitted Services
- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
- Amazon RDS
- Amazon CloudFront
- Amazon Aurora
- Amazon API Gateways
- AWS Lambda and Lambda Edge functions
- Amazon Lightsail resources
- Amazon Elastic Beanstalk environments
Prohibited Activities - The following activities are prohibited at this time:
- DNS zone walking via Amazon Route 53 Hosted Zones
- Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS
- Port flooding
- Protocol flooding
- Request flooding (login request flooding, API request flooding)

You need to host a new Microsoft SQL Server database in AWS for an urgent project. Which AWS services should you use to meet this requirement?

Amazon RDS, Amazon EC2

Which service allows you to add powerful visual analysis feature to your applications that enables you to search, verify, and organize millions of images?

Amazon Rekognition

CloudFront (CDN)

Content Delivery Network / It uses Caching- Edge location/POP locations

AWS Transcribe

Convert speech to text

Which can you use to connect your on-premises data center and your cloud architecture in AWS?

Amazon Route 53, Virtual Private Gateway

How long can you reserve an EC2 Reserved Instance?

1 or 3 years

Which of the following are the characteristics of Amazon EC2 Convertible Reserved Instances? (Select TWO)

1) Allows the change of instance family, operating system, tenancy, and payment option
2) Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value

AWS Trusted Advisor

1) Cost Optimisation
2) Performance
3) Security
4) Fault Tolerance
5) Service Limits

A company is in the process of choosing the most suitable AWS Region to migrate their applications. Which of the following factors should they consider?

1) Enhance customer experiences by reducing latency to users
2) Support country-specific data sovereignty compliance requirements

Developer support plan in AWS

1) Limited access to the 7 Core Trusted Advisor checks
2) No access to the AWS Support API

Amazon CloudWatch Logs

1) Monitor application logs from Amazon EC2 Instances
2) Adjust the retention policy for each log group
3) Query your log data

AWS Budgets

1) Set alerts for when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
2) Receive alerts when your utilisation drops below the threshold you define

Which of the following are the pillars of the AWS Well-Architected Framework?

1. Operational Excellence - recommends maintaining infrastructure as code
2. Security
3. Reliability - expected to work uninterrupted & ability to prevent, and quickly recover from failures
4. Performance Efficiency - monitor apps performance
5. Cost Optimization

PORTS 21 22 22 23 443 3389

21 - FTP
22 - SSH - Linux
22 - SFTP - upload files using SSH
23 - Telnet
80 - HTTP
443 - HTTPS
3389 - RDP (Remote Desktop Protocol) - Windows

Aurora

5x MySQL and 3x PostgreSQL compatible, enterprise-class, fully managed, highly scalable relational DB

Compared to the On-demand prices, what is the highest possible discount offered for reserved instances?

75

Which type of firewall has both ALLOW and DENY rules and operates at the subnet level?

A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They have both ALLOW and DENY rules.

In the AWS Shared Responsibility Model, whose responsibility is it to patch the host operating system of an Amazon EC2 instance?

AWS

What can you use to get alerts when your costs and usage are exceeding or are forecasted to exceed your budgeting amount?

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. Difference with CloudWatch Billing Alarms: CloudWatch Billing Alarms only send alerts when your costs and usage are exceeding your budget, not when it is forecasted to exceed your budget, while AWS Budgets does both.

Which of the following allows you to deploy any AWS Infrastructure as a Code?

AWS CloudFormation

What is called the declaration of the AWS resources that make up a stack?

AWS CloudFormation templates are JSON or YAML-formatted text files. They are declarations of the AWS resources that make up a stack.

Which is a fully-managed source control service that allows you to host Git-based repositories and enable code collaboration for your team via pull requests, branching, and merging?

AWS CodeCommit

Which AWS managed service allows to automate software deployments to a hybrid mix of EC2 Instances and On-Premises servers?

AWS CodeDeploy

AWS CodeDeploy

AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises

Which of the following can a developer use to interact with your AWS services?

AWS Command Line Interface AWS SDKs

AWS Config

AWS Config provides a detailed view of the configuration changes of AWS resources in your AWS account. Helps with audit & recording compliance of your AWS resources.

Which of the following provides you the most granular data about your AWS costs and usage and also lets you load that information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice?

AWS Cost and Usage report (AWS CUR)

What should you provide to your developers to allow them to access your AWS services through the AWS CLI?

Access keys

VPC Endpoint

Access services privately
S3 & DynamoDB = VPC Gateway
Others = VPC Interface

Auto Scaling

Add or remove correct number of EC2 instances (When and Where)

Which of the following should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication?

Amazon Cognito Identity Pool

A company just created a new mobile application and wants to add a simple and secure user sign-up, sign-in, and access control. Which AWS service can it use?

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

Which service should you use if you need a scalable, fast, and flexible non-relational database service?

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability

AWS services to store rapidly changing data with low read and write latencies?

Amazon EBS, Amazon RDS

A research lab wants to optimize the caching capabilities for its scientific computations application running on EC2 instances. Which EC2 storage option is best suited for this use-case?

Amazon EC2 Instance Store. An Instance Store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Instance storage is temporary; data is lost if the instance experiences failure or is terminated.

Which of the following is the most cost-effective instance purchasing option for hosting an application which will run non-interruptible workloads for a period of three years?

Amazon EC2 Standard Reserved Instances

Service to launch a customized self-hosted database which requires a scheduled shutdown every night to save on cost?

Amazon EC2 instance with an EBS volume

Regional services in AWS

Amazon EFS, AWS Batch, AWS Lambda, Amazon Rekognition

Which of the following is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?

Amazon GuardDuty

Which of the following databases is a managed service with SQL capability suited for Online Transaction Processing (OLTP)?

Amazon RDS is a managed SQL service that makes it easy to set up, operate, and scale a relational database in the cloud. It is suited for OLTP workloads.

Batch

Batch:
• No time limit
• Any runtime as long as it's packaged as a Docker image
• Rely on EBS / instance store for disk space
• Relies on EC2 (can be managed by AWS)

Which among the services below can you use to test and troubleshoot IAM and resource-based policies?

IAM Policy Simulator

Amazon Connect

Call Centre Service

Artifact

Compliance-related information

Under the Shared Responsibility Model, who is responsible for operating-system patches and updates on EC2 Instances?

Customer. The customer is responsible for operating-system patches and updates on EC2 Instances, as well as data security on the instances, Security Groups rules, etc.

Which of the following AWS Cost Management tools enable you to forecast future costs and usage of your AWS resources based on your past consumption?

Cost Explorer

Which budget types can be created under AWS Budgets (Select three)?

Cost budget, Usage budget, Reservation budget, Savings Plans budget.

What is the most secure way to provide applications temporary access to your AWS resources?

Create an IAM role and have the application assume the role

An e-commerce company uses AWS Cloud and would like to receive separate invoices for development and production environments. As a Cloud Practitioner, which of the following solutions would you recommend for this use-case?

Create separate AWS accounts for development and production environments to receive separate invoices

Site to Site VPN

Creates a secure connection between your on-premises data center or branch office and your AWS cloud resources. This connection goes over the public internet.

Route 53

DNS (Domain Name System). Translates domain names to IP addresses

Which of the following cloud best practices reinforces the use of the Service-Oriented Architecture (SOA) design principle?

Decouple your components

When a company uses AWS and decouples from their on-premises data center, they will be able to have which of the following benefits? (Select TWO)

Decrease your TCO. Reduce time to market.

Which of the following improves the availability for a fleet of EC2 instances?

Deploy the EC2 instances across different Availability Zones in the same AWS Region

Elastic Load Balancer (ELB)

Distributes incoming traffic (load)

Docker is used for ____________ & ______________

Docker is not for AWS Lambda, it's for ECS / Fargate

Which service is referred to as a Platform as a Service (PaaS)?

Elastic Beanstalk is a Platform as a Service (PaaS). You only manage data and applications. AWS Elastic Beanstalk makes it even easier for developers to quickly deploy and manage applications in the AWS Cloud

Which of the following is not required when launching an EBS-backed EC2 instance?

Elastic IP address

Which AWS Support plan guarantees a case response time of 15 minutes when Business Critical systems are down?

Enterprise

Which AWS Route 53 routing policy would you use when you want to route your traffic in an active-passive configuration?

Failover routing policy

Agility is one of the benefits of using cloud computing that provides customer with what advantage?

Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.

Agility

Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers/innovate faster and rapidly develop, test and launch software applications

Important characteristics of groups:

Following are some important characteristics of groups:
- A group can contain many users, and a user can belong to multiple groups.
- Groups can't be nested; they can contain only users, not other groups.
- There's no default group that automatically includes all users in the AWS account.
- There's a limit to the number of groups you can have, and a limit to how many groups a user can be in.

Which of the following statements are true about Cost Allocation Tags in AWS Billing? (Select two)

For each resource, each tag key must be unique, and each tag key can have only one value
You must activate both AWS generated tags and user-defined tags separately before they can appear in Cost Explorer or on a cost allocation report

AWS SageMaker

Fully managed Machine learning for every developer and data scientist

Amazon Database Migration Service (AWS DMS)

Helps to migrate DB to AWS

IAM Security tools

IAM Credentials report (account level) - list all user accounts & credentials
IAM Access Advisor (user level) - shows permissions granted to a user

AWS Global accelerator

Improve global application availability & performance using AWS Global network

Which of the following AWS services offer block-level storage? (Select two)

Instance Store (temporary), EBS

A customer needs to retrieve the instance ID, public keys, and public IP address of their EC2 instance. Which of the following should they use to get these details?

Instance metadata

Which of the following is used to enable instances in the public subnet to connect to the public Internet?

Internet Gateway

Lambda

Lambda:
• Time limit
• Limited runtimes
• Limited temporary disk space
• Serverless

AWS Translate

Language translation

Which is a key design principle when running an application in AWS?

Loose coupling

S3 Glacier

Low cost storage for archiving and long term backup

CloudWatch

Monitor performance of EC2 instances. It can trigger events (METRIC REPOSITORY)

Customer Gateway (CGW)

On-premises must use CGW for Site-to-Site VPN

_________ allows private subnet access to internet

NAT Gateway and NAT instances

Your private subnets need to connect to the Internet while still remaining private. Which AWS-managed VPC component allows you to do this?

NAT Gateways allow your instances in your private subnets to access the Internet while remaining private, and are managed by AWS.

AWS Comprehend

NLP = Natural Language Processing

DynamoDB (DDB)

NoSQL key/value fully managed Database-as-a-Service (DBaaS); it can store JSON documents / non-relational / 3 AZ / serverless / single-digit millisecond latency

AWS Lambda pricing is based on which of the following criteria? (Select two)

- Number of requests for the Lambda function
- The time it takes for the Lambda function to execute

S3 (Simple Storage Service)

Object Storage

Security Group (SG)

Operates at instance level / ALLOW rules / stateful, that is, it automatically allows the return traffic

Network ACL (NACL)

Operates at subnet level / ALLOW and DENY rules / contains a numbered list of rules and evaluates these rules in increasing order while deciding whether to allow the traffic

According to the AWS Shared Responsibility Model, which of the following are responsibilities of the customer (select 2)?

- Operating system patches and updates of an EC2 instance
- Enabling data encryption of data stored in S3 buckets

Key financial benefit of migrating systems hosted on your on-premises data center to AWS?

Opportunity to replace upfront capital expenses (CAPEX) with low variable costs.

Which of the following services can help you manage multiple AWS accounts?

Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.

Lambda pricing is based on ___________ & __________________

Pay per call & pay per duration

A cyber-security agency uses AWS Cloud and wants to carry out security assessments on their own AWS infrastructure without any prior approval from AWS. Which of the following describes/facilitates this practice?

Penetration Testing

EBS (Elastic Block Store)

Provides PERSISTENT BLOCK network storage for EC2 services.

Which of the following is true regarding the Business support plan in AWS?

Provides a 1-hour response time support if your production system goes down

Trusted Advisor

Provides best practices or checks (Cost optimization, Performance, Security, Fault tolerance & Service Limits)

REGIONS AZ EDGE LOCATIONS

- Regions: Isolated Geographical Areas
- AZ: Collection of DCs
- Edge Locations: POPs

What is the primary benefit of deploying an RDS database in a Read Replica configuration?

Read Replica improves database scalability. Read Replicas allow you to create read-only copies that are synchronized with your master database. Read Replicas are used for improved read performance. You can also place your read replica in a different AWS Region closer to your users for better performance. Read Replicas are an example of horizontal scaling of resources.

ECR (Elastic Container Registry)

Registry where you store your Docker images so they can be run by ECS or Fargate

Databases & Analytics Summary in AWS

• Relational Databases - OLTP: RDS & Aurora (SQL)
• In-memory Database: ElastiCache
• Key/Value Database: DynamoDB (serverless & NoSQL)
• Warehouse - OLAP: Redshift (SQL)
• Hadoop Cluster: EMR
• Athena: query data on Amazon S3 (serverless & SQL)
• Glue: Managed ETL (Extract Transform Load) and Data Catalog service
• Database Migration: DMS

Scalability vs Elasticity (vs Agility)

• Scalability: ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out)
• Elasticity: once a system is scalable, elasticity means that there will be some "auto-scaling" so that the system can scale based on the load. This is "cloud-friendly": pay-per-use, match demand, optimize costs
• Agility: (not related to scalability - distractor) new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.

Horizontal Scaling

Scaling horizontally takes place through an increase in the number of resources, such as adding more hard drives to a storage array or adding more servers to support an application.

Vertical Scaling

Scaling vertically takes place through an increase in the specifications of an individual resource, such as upgrading a server with a larger hard drive or a faster CPU

Lambda

Serverless functions that let you run/execute code (FaaS), 15 mins

AWS SCP (Service Control Policies)

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization

AWS Lex

Speech to text - ASR (Automatic Speech Recognition) / Use cases: chatbots or call centre bots

AWS Polly

Text to speech - opposite of Transcribe

An IT company would like to move its IT infrastructure from an AWS Region in the US to another AWS Region in Europe. Which of the following represents the correct solution for this use-case?

The company should just start creating new resources in the destination AWS Region and then migrate the relevant data and applications into this new AWS Region

VPC Flow Logs

To log/capture all your VPC/IP traffic to CloudWatch.

Which of the following actions will AWS charge you for?

Transfer of EC2 files between two AWS Regions

A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner?

Upgrade to Enterprise support plan.

A financial services company must meet compliance requirements that mandate storing multiple copies of data in geographically distant locations. As the company uses S3 as its main storage service, which of the following represents the MOST resource-efficient solution for this use-case?

Use Cross-Region replication (CRR) to replicate data between distant AWS Regions.
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.

A space agency is using Amazon S3 to store their high-resolution satellite images and videos everyday. Which of the following should they do to minimize the upload time?

Use the Multipart upload API.
Multipart upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data. You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts. After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object. In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.

VPC (Virtual Private Cloud)

Used to create Private Network inside AWS; lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

Which AWS service will you use to privately connect your VPC to Amazon S3?

VPC Endpoint Gateway

A financial services enterprise plans to enable Multi-Factor Authentication (MFA) for its employees. For ease of travel, they prefer not to use any physical devices to implement MFA. Which of the below options is best suited for this use case?

Virtual MFA device (Google Authenticator is an example of a Virtual MFA device)

Which of the following are components of an AWS Site-to-Site VPN? (Select two)

Virtual Private Gateway, Customer Gateway
AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). Contents: Virtual Private Gateway, Customer Gateway, Customer Gateway device, Transit Gateway

EC2

Virtual servers; provides resizable compute capacity in the cloud (IaaS)

With which services does CloudFront integrate to protect against web attacks?

WAF and SHIELD.
You can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a distributed denial of service (DDoS) attack. For additional protection against DDoS attacks, AWS also provides AWS Shield Standard and AWS Shield Advanced.

Web Application Firewall (WAF)

WAF is a Layer 7 (HTTP) Application Firewall.

You are running an on-demand Linux EC2 instance, what timing is applied regarding billing?

With Linux EC2 instances, you pay per second of compute capacity. There is also a minimum of 60s of use.

An AWS user is trying to launch an EC2 instance in a given region. What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this EC2 instance?

You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance.

AWS Batch

Batch management capabilities that enable you to run batch computing jobs on AWS

VPC Peering

Connecting 2 VPCs privately using AWS so that they behave like the same network

CloudHSM

Hardware security module (HSM); enables encryption keys; customers manage their keys

Elastic Map Reduce (EMR)

Managed Hadoop (Big Data) framework

The advantage of using managed services like RDS, ElastiCache, and CloudSearch in AWS is

Simplifies all of your OS patching and backup activities to help keep your resources current and secure.

Service Health Dashboard

Status of all AWS services across all regions

