AWS Cloud Practitioner 3rd set


Which of the following are the best practices that can help secure your AWS resources using the AWS Identity and Access Management (IAM) service? (Select TWO.) a.) Grant Most Privilege b.) Use Inline Policies instead of Customer Managed Policies c.) Grant Least Privilege d.) Use Bastion Hosts e.) Lock away your AWS account root user access keys

c.) Grant Least Privilege e.) Lock away your AWS account root user access keys

Which of the following is not required when launching an EBS-backed EC2 instance? a.) Elastic IP address b.) Security group c.) EBS Root volume d.) VPC and subnet specification

a.) Elastic IP address

A website is experiencing varying levels of traffic throughout the day and is not fully consuming server capacity all the time. Which advantage does AWS Cloud provide over traditional data centers when it comes to handling traffic load? a.) Elasticity b.) Durability c.) High availability d.) Quick capacity provisioning

a.) Elasticity

Which of the following is best suited for load balancing Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic and has the capability of handling millions of requests per second while maintaining ultra-low latencies? a.) Network Load Balancer b.) Application Load Balancer c.) Gateway Load Balancer d.) None of the above

a.) Network Load Balancer

What is the best type of instance purchasing option to choose if you will run an EC2 instance for 3 months to perform a job that is uninterruptible? a.) On-Demand b.) Reserved instance c.) Spot instance d.) Dedicated Instance

a.) On-Demand On-Demand is the best instance type to use when you need instances for short periods of time and for uninterruptible workloads, since it is the cheapest option for that span of time.

Which of the following provides software solutions that are either hosted on or integrated with the AWS platform which may include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management, and security vendors? a.) APN Technology Partners b.) APN Consulting Partners c.) Concierge Support d.) Technical Account Management

a.) APN Technology Partners

Which of the following AWS Cost Management tools enable you to forecast future costs and usage of your AWS resources based on your past consumption? a.) AWS Cost Explorer b.) AWS Pricing Calculator c.) AWS Cost and Usage report d.) Amazon Forecast

a.) AWS Cost Explorer AWS Pricing Calculator is incorrect because this tool is used to estimate your AWS bill by manually entering your planned resources by service. It does not forecast future costs and usage of your AWS resources based on your past consumption, unlike the AWS Cost Explorer. AWS Cost and Usage report is incorrect because this tool doesn't forecast your future costs. It just lists your AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes. Amazon Forecast is incorrect because this is actually not considered as one of the AWS Cost Management tools. Amazon Forecast is a fully managed service that uses machine learning to deliver highly accurate forecasts of any time-series data, such as retail demand, manufacturing demand, travel demand, revenue, IT capacity, logistics, and web traffic.

A customer needs to establish a dedicated connection between their on-premises network and their AWS VPC that provides a more consistent network experience than Internet-based connections. Which of the following network services should they use? a.) AWS Direct Connect b.) VPN Connection c.) AWS VPN CloudHub d.) VPC Peering

a.) AWS Direct Connect AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. With the help of Direct Connect Partners, you can extend your preexisting data center or office network to a Direct Connect location. All AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon DynamoDB can be used with Direct Connect.

Which service will allow you to group together users who perform a similar function and apply function-specific privileges? a.) AWS IAM b.) Resource group c.) AWS Directory Service d.) Tagging

a.) AWS IAM AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM has various identities such as IAM Users, IAM Groups, and IAM Roles.

Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities? a.) AWS Snowball Edge b.) AWS Snowcone c.) Lambda@Edge d.) AWS Snowmobile

a.) AWS Snowball Edge AWS Snowball Edge is a data migration and edge computing device that comes in two options. Snowball Edge Storage Optimized provides both block storage and Amazon S3-compatible object storage, and 24 vCPUs. It is well suited for local storage and large scale data transfer. Snowball Edge Compute Optimized provides 52 vCPUs, block and object storage, and an optional GPU for use cases such as advanced machine learning and full-motion video analysis in disconnected environments. Customers can use these two options for data collection, machine learning and processing, and storage in environments with intermittent connectivity (such as manufacturing, industrial, and transportation) or in extremely remote locations (such as military or maritime operations) before shipping it back to AWS. These devices may also be rack mounted and clustered together to build larger, temporary installations.

A customer in North Virginia, USA is doing some drone work and collecting environmental data. Which of the following services allows him to easily obtain terabytes of data storage for use in a space-constrained environment and allows him to transfer these data to AWS? a.) AWS Snowcone b.) Amazon Data Pipeline c.) Amazon SQS d.) AWS Transit Gateway

a.) AWS Snowcone AWS Snowcone is the smallest member of the AWS Snow Family of edge computing, edge storage, and data transfer devices, weighing in at 4.5 pounds (2.1 kg) with 8 terabytes of usable storage. Snowcone is ruggedized, secure, and purpose-built for use outside of a traditional data center. Its small form factor makes it a perfect fit for tight spaces or where portability is a necessity and network connectivity is unreliable.

Which of the following is the most cost-effective payment option when you purchase either a Standard or Convertible Reserved Instance for a 1-year term? a.) All Upfront b.) Partial Upfront c.) No Upfront d.) Deferred

a.) All Upfront All Upfront option: You pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand instance pricing.

Which of the following services are part of the AWS serverless platform that does not require provisioning, maintaining, and administering servers for backend components? (Select TWO.) a.) Amazon API Gateway b.) Amazon OpenSearch. c.) Amazon ElastiCache d.) Lambda@Edge e.) Amazon EMR

a.) Amazon API Gateway d.) Lambda@Edge AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. This allows you to focus on product innovation while enjoying faster time-to-market. AWS Lambda, Lambda@Edge, and AWS Fargate are the services that you can use for serverless computing. For your API Proxy, you can leverage the power of the Amazon API Gateway service.

Which service would you use to speed up content delivery to your customers? a.) Amazon CloudFront b.) Amazon S3 Transfer Acceleration c.) Amazon CloudWatch d.) AWS CloudTrail

a.) Amazon CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS - both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers' users and to customize the user experience.

Which of the following are defined as global services in AWS? (Select TWO.) a.) Amazon CloudFront b.) AWS Identity and Access Management (IAM) c.) AWS Batch d.) Amazon RDS e.) Amazon DynamoDB

a.) Amazon CloudFront b.) AWS Identity and Access Management (IAM) AWS Batch, Amazon RDS, and Amazon DynamoDB are incorrect because these are considered regional services and not global.

Which of the following is a fully managed database in AWS that can be used to store JSON documents? a.) Amazon DynamoDB b.) Amazon Aurora c.) Amazon ElastiCache d.) Amazon Redshift

a.) Amazon DynamoDB Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multi-region, multi-master, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. This is the perfect database to use for JSON-type documents. Amazon Aurora is incorrect because this is a MySQL and PostgreSQL-compatible relational database. It will not be able to store JSON-type documents. Amazon ElastiCache is incorrect because this is a service that offers a fully managed Redis and Memcached. ElastiCache is a caching service and is not suited for persistent NoSQL database entries. Amazon Redshift is incorrect because this is a data warehousing service that uses columnar storage. This is not the best option compared to using Amazon DynamoDB.

What services will help you create a highly available and scalable web app in the cloud? (Select TWO.) a.) Amazon EC2 Auto Scaling b.) Amazon CloudWatch c.) AWS ELB d.) Amazon CloudFront e.) Amazon AppStream 2.0

a.) Amazon EC2 Auto Scaling c.) AWS ELB The purpose of automatic scaling is to automatically increase the size of your Auto Scaling group when demand goes up and decrease it when demand goes down. As capacity is increased or decreased, the Amazon EC2 instances being added or removed must be registered or deregistered with a load balancer. This enables your application to automatically distribute incoming web traffic across such a dynamically changing number of instances.

Which of the following is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads? a.) Amazon GuardDuty b.) Amazon Macie c.) AWS Shield d.) AWS WAF

a.) Amazon GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities are simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in the AWS Cloud.

The IT Security team of your company needs to conduct a vulnerability analysis on your application servers to ensure that the EC2 instances comply with the annual security IT audit. You need to set up an automated security assessment service to improve the security and compliance of your applications. The solution should automatically assess applications for exposure, vulnerabilities, and deviations from the AWS best practices. Which of the following options would you implement to satisfy this requirement? a.) Amazon Inspector b.) AWS WAF c.) AWS Snowball Edge d.) Amazon CloudFront

a.) Amazon Inspector Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.

Which is a machine learning-powered security service that discovers, classifies, and protects sensitive data such as personally identifiable information (PII) or intellectual property? a.) Amazon Macie b.) Amazon Rekognition c.) Amazon GuardDuty d.) Amazon Cognito

a.) Amazon Macie Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.

Which service allows you to add a powerful visual analysis feature to your applications that enables you to search, verify, and organize millions of images? a.) Amazon Rekognition b.) Amazon Macie c.) Amazon SageMaker d.) Amazon CloudSearch

a.) Amazon Rekognition Amazon Macie is incorrect because it is a security service and not suitable for visual analysis. It uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon SageMaker is incorrect because this is a service that provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly in AWS. Amazon CloudSearch is incorrect because this service is used to set up, manage, and scale a search solution for your website or application in AWS.

A new AWS customer needs to deploy up to 100 t3a.large EC2 instances on their recently launched VPC, which is way beyond the default service limit. What should they do so they can launch their additional instances? a.) Create a case in the AWS Support Center page and request a service limit increase. b.) Enable Enhanced Networking c.) Use AWS Trusted Advisor to increase the default service limits for EC2 instances d.) Do nothing. You can directly launch 100 t3a.large EC2 instances at the same time since AWS will automatically increase your service limit for you

a.) Create a case in the AWS Support Center page and request a service limit increase.

What is the most secure way to provide applications temporary access to your AWS resources? a.) Create an IAM role and have the application assume the role. b.) Create an IAM user with access keys and assign it to the application c.) Create an IAM group that has access to the resources, and add the application there d.) Create an IAM policy that allows the application to access the resources, and attach the policy to the application

a.) Create an IAM role and have the application assume the role.

Which of the following cloud best practices reinforces the use of the Service-Oriented Architecture (SOA) design principle? a.) Decouple your components. b.) Think parallel c.) Implement elasticity d.) Design for failure

a.) Decouple your components.

When a company uses AWS and decouples from their on-premises data center, they will be able to have which of the following benefits? (Select TWO.) a.) Decrease your TCO b.) Replace low variable costs with upfront capital expenses (CAPEX) c.) Reduce time to market d.) Massive discounts for bare metal servers from Amazon.com e.) Deferred payments to their operational expenditures

a.) Decrease your TCO c.) Reduce time to market

Which of the following is true regarding the Business support plan in AWS? a.) Provides a 15-minute response time support if your production system goes down b.) Provides a 1-hour response time support if your production system goes down. c.) Provides a 15-minute response time support if your business-critical system goes down d.) Provides a 1-hour response time support if your production system got impaired

a.) Provides a 15-minute response time support if your production system goes down

In Amazon EC2, which pricing construct adjusts its price based on supply and demand of EC2 instances? a.) Spot Instance b.) Standard Reserved Instance c.) Convertible Reserved Instance d.) On-Demand Instance

a.) Spot Instance

Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO.) a.) Sustainability b.) High Availability, Scalability c.) Performance Efficiency d.) Agility

a.) Sustainability c.) Performance Efficiency The Well-Architected Framework has been developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. This is based on six pillars namely: 1. Operational Excellence 2. Security 3. Reliability 4. Performance Efficiency 5. Cost Optimization 6. Sustainability

Which of the following actions will AWS charge you for? a.) Transfer of EC2 files between two AWS Regions b.) Network charges for the transfer of data from your data center to S3 through a VPN c.) Provisioning Elastic IPs and attaching them to running EC2 instances d.) Setting up additional VPCs in your account

a.) Transfer of EC2 files between two AWS Regions AWS charges you for data transferred between two different Regions. This is similar to the costs incurred from the data transfer between the AWS network and the public internet.

A customer is building a cloud architecture in AWS which should scale horizontally or vertically in order to automatically adjust capacity and maintain steady, predictable performance at the lowest possible cost. Which of the following statements are true regarding horizontal and vertical scaling? (Select TWO.) a.) Upgrading to a higher EC2 instance type is an example of Vertical Scaling b.) Adding more EC2 instances to your resource pool is an example of Vertical Scaling c.) Adding more EC2 instances to your resource pool is an example of Horizontal Scaling. d.) Upgrading to a higher EC2 instance type and adding more EC2 instances to your resource pool are both examples of Horizontal Scaling e.) Upgrading to a higher EC2 instance type is an example of Horizontal Scaling

a.) Upgrading to a higher EC2 instance type is an example of Vertical Scaling c.) Adding more EC2 instances to your resource pool is an example of Horizontal Scaling.

Which of the following policies grant the necessary permissions required to access your Amazon S3 resources? (Select TWO.) a.) User policies b.) Bucket policies c.) Routing policies d.) Network access control policies e.) Object policies

a.) User policies b.) Bucket policies

Which of the following is a valid characteristic of an IAM Group? a.) Groups can be nested b.) A group can contain many users, and a user can belong to multiple groups. c.) There's no limit to the number of groups you can have d.) There is a default group that automatically includes all users in the AWS account

b.) A group can contain many users, and a user can belong to multiple groups.

Which of the following allows you to create and deploy infrastructure-as-code templates in AWS? a.) AWS Elastic Beanstalk b.) AWS CloudFormation c.) Amazon Lightsail d.) AWS Systems Manager

b.) AWS CloudFormation AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This gives you a single source of truth for your AWS resources. AWS CloudFormation is available at no additional charge, and you pay only for the AWS resources needed to run your applications. AWS CloudFormation allows you to model your entire infrastructure with either a text file or programming languages. This provides a single source of truth for your AWS resources and helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting.

Which is a fully-managed source control service that allows you to host Git-based repositories and enable code collaboration for your team via pull requests, branching, and merging? a.) AWS CodeStar. b.) AWS CodeCommit c.) AWS CodeBuild d.) AWS CodeDeploy

b.) AWS CodeCommit AWS CodeCommit is a fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. AWS CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use AWS CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

Which service does AWS use to notify you when AWS is experiencing events that may impact you? a.) AWS Support Center b.) AWS Personal Health Dashboard. c.) Amazon SNS d.) AWS Service Health Dashboard

b.) AWS Personal Health Dashboard. AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

Which of the following is the most cost-effective instance purchasing option for hosting an application which will run non-interruptible workloads for a period of three years? a.) Amazon EC2 Spot Instances b.) Amazon EC2 Standard Reserved Instances. c.) Amazon EC2 Convertible Reserved Instances d.) Amazon EC2 On-Demand Instances

b.) Amazon EC2 Standard Reserved Instances.

Which AWS service is commonly used for streaming data in real-time? a.) Amazon OpenSearch Service b.) Amazon Kinesis c.) Amazon EMR d.) Amazon Data Pipeline

b.) Amazon Kinesis Amazon Kinesis is the service used to ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. Amazon Kinesis enables you to process and analyze data as it arrives and responds instantly instead of having to wait until all your data is collected before the processing can begin.

Which of the following will allow you to create a data warehouse in AWS for your business intelligence needs? a.) Amazon Relational Database Service (Amazon RDS) b.) Amazon Redshift c.) Amazon DynamoDB d.) Amazon S3

b.) Amazon Redshift Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools. It allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution. Most results come back in seconds. With Redshift, you can start small for just $0.25 per hour with no commitments and scale out to petabytes of data for $1,000 per terabyte per year, less than a tenth the cost of traditional solutions.

There is an incident with your team where an S3 object was deleted using an account without the owner's knowledge. What can be done to prevent unauthorized deletion of your S3 objects? a.) Set up stricter IAM policies that will prevent users from deleting S3 objects b.) Configure MFA delete on the S3 bucket c.) Create access control policies so that only you can perform S3-related actions d.) Set your S3 buckets to private so that objects are not publicly readable/writable

b.) Configure MFA delete on the S3 bucket

Which of the following is one of the benefits of migrating your systems from an on-premises data center to AWS Cloud? a.) Enables the customer to eliminate high IT infrastructure costs since cloud computing is absolutely free b.) Enables the customer to focus on business activities rather than on the heavy lifting of racking, stacking, and powering servers. c.) Completely eliminate the administrative overhead of patching the guest operating system of their EC2 instances d.) Eliminates the need for the customer to implement client-side or service-side encryption for their data

b.) Enables the customer to focus on business activities rather than on the heavy lifting of racking, stacking, and powering servers.

A customer has a number of on-demand instances running simultaneously to serve customer transactions. Occasionally, most of these instances do not perform any tasks when demand is low. What is a good cost optimization strategy to implement for this case? a.) Using spot instances b.) Implement an auto scaling group to control the number of running instances at a time. c.) Creating a script to shut down an instance d.) Scaling up your instances to a higher instance type

b.) Implement an auto scaling group to control the number of running instances at a time.

Which of the following tasks fall under the sole responsibility of AWS based on the shared responsibility model? a.) Implementing IAM policies b.) Physical and environmental controls c.) Applying Amazon S3 bucket policies d.) Patch Management

b.) Physical and environmental controls

_______ is a cloud design principle which supports growth in users, traffic, or data size with no drop in performance. a.) Think parallel b.) Scalability c.) Design for failure d.) Go Serverless to reduce compute footprint

b.) Scalability

A company wants to launch a Microsoft SQL Server database in AWS. The database instance should only be managed by the company's DBA and must be accessible via RDP. A standard license for SQL Server is required but the company is not yet sure how much CPU and memory to allocate to the database. Which option gives the most convenience and flexibility to determine the best database size while still being cost-effective? a.) Launch an EC2 instance and install MS SQL Server. Purchase a Standard MSSQL license from Microsoft and apply it to the database you installed b.) Use a Windows Server with SQL Server Standard bundled AMI so you won't need to buy and manage your own license c.) Launch an RDS instance that runs MS SQL Server Standard. Purchase a Standard MSSQL license and store it in the AWS Managed Services (AMS) d.) Launch an Amazon Aurora database that runs MS SQL Server. Buy a Standard MSSQL license from the AWS License Manager service

b.) Use a Windows Server with SQL Server Standard bundled AMI so you won't need to buy and manage your own license

In AWS, which of the following is a design principle that you should implement when designing your cloud architecture? a.) Tightly couple your components b.) Use multiple Availability Zones c.) Always use large servers to anticipate increased usage d.) Utilize free or open-source software

b.) Use multiple Availability Zones

In the AWS Shared Responsibility Model, whose responsibility is it to patch the host operating system of an Amazon EC2 instance? a.) Customer b.) Both AWS and the customer c.) AWS d.) Neither AWS nor the customer

c.) AWS

In compliance with the Sarbanes-Oxley Act (SOX) federal law, a US-based company is required to provide SOC 1 and SOC 2 reports of their cloud resources. Where are these AWS compliance documents located? a.) AWS GovCloud b.) AWS Organizations c.) AWS Artifact d.) AWS Certificate Manager

c.) AWS Artifact

What service will allow you to sell your catalog of custom AMIs in AWS? a.) Amazon Mechanical Turk b.) AWS Service Catalog c.) AWS Marketplace d.) Amazon CloudSearch

c.) AWS Marketplace AWS Marketplace is a curated digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services that customers need to build solutions and run their businesses. AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, as well as related professional services to help you manage and support those solutions. AWS Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. In addition, AWS Marketplace includes data products available from AWS Data Exchange.

Which of the following are the characteristics of Amazon EC2 Convertible Reserved Instances? (Select TWO.) a.) Allows you to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or lesser value b.) Provides the most significant discount of the RI types and are best suited for steady-state usage c.) Allows the change of instance family, operating system, tenancy, and payment option d.) Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. e.) Allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month

c.) Allows the change of instance family, operating system, tenancy, and payment option d.) Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value.

You are permitted to conduct security assessments and penetration testing without prior approval against which AWS resources? (Select TWO.) a.) Amazon S3 b.) AWS Identity and Access Management (IAM) c.) Amazon RDS d.) Amazon Aurora e.) AWS Security Token Service (STS)

c.) Amazon RDS d.) Amazon Aurora

__________ lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. a.) Virtual Private Gateway b.) Amazon LightSail c.) Amazon VPC d.) Amazon WorkSpaces

c.) Amazon VPC Amazon Virtual Private Cloud (Amazon VPC) Amazon LightSail is incorrect because this service is just a virtual private server (VPS) solution which provides developers with compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. Virtual Private Gateway is incorrect because this is primarily used for connecting your on-premises network to your VPC. Amazon WorkSpaces is incorrect because this is just a Desktop-as-a-Service (DaaS) solution in AWS which allows you to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

A customer needs to retrieve the instance ID, instance profile permissions, and kernel information of their EC2 instance for an app that is running within the same instance. Where can the customer find this information? a.) Instance user data b.) Resource tag c.) Instance metadata d.) Amazon Machine Image

c.) Instance metadata Instance metadata is the data about your instance that you can use to configure or manage the running instance. You can get the instance ID, public keys, public IP address, and much other information from the instance metadata by entering the following URL in your instance:

Which of the following is the benefit of using Amazon Relational Database Service (Amazon RDS) over traditional database management? a.) Automatically apply both client-side and server-side encryption to your data by default b.) Automatically scales up the instance type of your RDS cluster based on demand c.) Lower the administrative burden through automatic software patching and maintenance of the underlying operating system d.) It is five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases

c.) Lower the administrative burden through automatic software patching and maintenance of the underlying operating system

Which of the following actions below will allow you to take advantage of volume discounts in AWS? a.) Upgrade to an AWS Enterprise support plan b.) Opt for an All upfront Convertible Reserved Instance pricing for a 3-year term c.) Use AWS Organizations and enable the consolidated billing feature. d.) Move all of your AWS resources from multiple accounts to a single global account

c.) Use AWS Organizations and enable the consolidated billing feature. For billing purposes, AWS treats all the accounts in the organization as if they were one account. Some services, such as Amazon EC2 and Amazon S3, have volume pricing tiers across certain usage dimensions that give you lower prices the more you use the service.

A company plans to migrate their on-premises MySQL database to Amazon RDS. Which AWS service should they use for this task? a.) AWS Schema Conversion Tool (AWS SCT) b.) AWS Server Migration Service c.) AWS Direct Connect d.) AWS Database Migration Service (AWS DMS)

d.) AWS Database Migration Service (AWS DMS) AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases.

A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application? a.) Amazon CloudWatch b.) Amazon Inspector c.) AWS CloudTrail d.) AWS X-Ray

d.) AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components.

Which of the following should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication? a.) Amazon Cognito User Pool b.) Amazon Cognito Sync c.) AWS Single Sign-On d.) Amazon Cognito Identity Pool

d.) Amazon Cognito Identity Pool Amazon Cognito Identity Pool provides temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. An identity pool is a store of user identity data specific to your account. Amazon Cognito identity pools enable you to create unique identities and assign permissions for users. Your identity pool can include: - Users in an Amazon Cognito user pool - Users who authenticate with external identity providers such as Facebook, Google, or a SAML-based identity provider - Users authenticated via your own existing authentication process

Which service allows you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available? a.) Amazon SWF b.) Amazon Route 53 c.) Amazon SES d.) Amazon SQS

d.) Amazon SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Agility is one of the benefits of using cloud computing that provides customers with what advantage? a.) Avoid overprovisioning of your infrastructure to ensure you have enough capacity to handle your business operations at the peak level of activity b.) Allows you to trade capital expense for variable expense c.) Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers. d.) Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.

d.) Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.

Which among the services below can you use to test and troubleshoot IAM and resource-based policies? a.) AWS Config b.) AWS Systems Manager c.) Amazon Inspector d.) IAM Policy Simulator

d.) IAM Policy Simulator The IAM policy simulator evaluates the policies that you choose and determines the effective permissions for each of the actions that you specify. The simulator uses the same policy evaluation engine that is used during real requests to AWS services. But the simulator differs from the live AWS environment in the following ways: - The simulator does not make an actual AWS service request, so you can safely test requests that might make unwanted changes to your live AWS environment. - Because the simulator does not simulate running the selected actions, it cannot report any response to the simulated request. The only result returned is whether the requested action would be allowed or denied. - If you edit a policy inside the simulator, these changes affect only the simulator. The corresponding policy in your AWS account remains unchanged.

Which of the following is used to enable instances in the public subnet to connect to the public Internet? a.) NAT Gateways b.) API Gateway c.) NAT Instances d.) Internet Gateway

d.) Internet Gateway An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

Which of the following should you use to automatically transfer your infrequently accessed data in your S3 bucket to a more cost-effective storage class? a.) S3 access control list b.) Cross-Origin Resource Sharing (CORS) c.) Cross-Region replication d.) Lifecycle policy

d.) Lifecycle policy

Which of the following is typically used to secure your VPC subnets? a.) Security group b.) AWS IAM c.) AWS Config d.) Network ACL

d.) Network ACL A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner? a.) None since these features are already included in their Basic support plan b.) Upgrade to Developer support plan c.) Upgrade to Business support plan d.) Upgrade to Enterprise support plan

d.) Upgrade to Enterprise support plan

A space agency is using Amazon S3 to store their high-resolution satellite images and videos every day. Which of the following should they do to minimize the upload time? a.) Use the BatchWriteItem API b.) Shift to S3 Intelligent-Tiering storage class c.) Enable Cross-Origin Resource Sharing (CORS) d.) Use the Multipart Upload API

d.) Use the Multipart Upload API Multipart upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data. You can upload these object parts independently and in any order. If transmission of any part fails, you can retransmit that part without affecting other parts. After all parts of your object are uploaded, Amazon S3 assembles these parts and creates the object. In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.

