AWS Cloud Practitioner
Which of the following is NOT a database service in AWS? A. Amazon EBS B. Amazon Redshift C. Amazon Neptune D. Amazon Aurora
A. Amazon EBS Amazon EBS is a storage service providing virtual hard disks in the cloud, while the other services listed are database services.
Which benefit of cloud computing helps you innovate faster and gives you speed to market? A. Durability B. High availability C. Elasticity D. Agility
Agility The cloud gives you increased agility. All the services you have access to help you innovate faster, giving you speed to market.
Which of the following describes a subnet accurately? A. The Amazon VPC side of a connection to the public Internet. B. A segment of a VPC's IP address range where you can place groups of isolated resources. C. The Amazon VPC side of a VPN connection. D. A logically isolated virtual network in the AWS cloud.
B. A segment of a VPC's IP address range where you can place groups of isolated resources. A virtual private cloud, or VPC, is the virtual network you create in your AWS account. When you create a VPC, you split it into smaller network segments by specifying a range of IP addresses. These segments are referred to as subnets, and this is where you launch your AWS resources.
Which resource types are delivered on-demand via cloud computing with pay-as-you-go pricing? Choose 3 A. IT support B. Storage C. Compute D. Database
B. Storage C. Compute D. Database Cloud computing delivers storage services, like Amazon S3, via the internet with pay-as-you-go pricing. Cloud computing delivers compute services, like Amazon EC2 and AWS Lambda, via the internet with pay-as-you-go pricing. Cloud computing delivers database services, like Amazon RDS and Amazon Aurora, via the internet with pay-as-you-go pricing.
Which of the following enables you to interact with AWS services using only textual commands? A. Amazon API Gateway B. AWS SDK C. AWS CLI D. AWS Management Console
C. AWS CLI 'CLI' stands for 'Command Line Interface', which is the open source tool used for executing tasks in AWS by typing and entering textual commands.
An auditor is conducting an audit of your IT operations for compliance. The auditor requests visibility to logs of event history across your AWS-based employee expense system infrastructure. Which AWS service will record and provide you the information you need? A. AWS Compliance Manager B. AWS Systems Manager C. AWS CloudTrail D. AWS CloudWatch Logs
C. AWS CloudTrail AWS CloudTrail provides visibility to API call activity for AWS infrastructure and other services. AWS Cloudwatch Logs might be part of a centralized logging solution, but all API event information will come from CloudTrail. AWS Systems Manager can process EC2 logs only, and AWS Compliance Manager is not a service offered by AWS.
Which following statement is true of newly created security groups with their default rules? A. New security groups allow both incoming and outbound traffic. B. New security groups block outbound traffic and allow all incoming traffic. C. New security groups allow only outbound traffic and block all incoming traffic. D. New security groups block both incoming and outbound traffic.
C. New security groups allow only outbound traffic and block all incoming traffic. By default, new security groups start with only an outbound rule to allow all traffic to leave the instances. You must add rules to enable any inbound traffic.
The AWS Global Infrastructure comprises Regions, Availability Zones, and edge locations, and there is a different number of each infrastructure element. Select the option that shows the correct order from greatest to least. A. Number of Availability Zones > Number of Edge Locations > Number of Regions B. Number of Regions > Number of Availability Zones > Number of Edge Locations C. Number of Edge Locations > Number of Availability Zones > Number of Regions D. Number of Availability Zones > Number of Regions > Number of Edge Locations
C. Number of Edge Locations > Number of Availability Zones > Number of Regions The number of edge locations is greater than the number of Availability Zones, which is greater than the number of Regions. Regions contain Availability Zones, therefore there will always be more AZs than Regions.
Which of the following is AWS' managed DDoS protection service? A. Security groups B. AWS WAF C. Access control lists D. AWS Shield
D. AWS Shield AWS Shield is AWS' managed DDoS protection service at Layer 4.
Users need to access AWS resources from the Command Line Interface. Which IAM option can be used for authentication? A. IAM policy B. IAM role C. IAM group D. Access keys
D. Access keys You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell.
Which of the following AWS services can be used to create billing alarms? A. Cost Explorer B. Macie C. Athena D. CloudWatch
D. CloudWatch The CloudWatch service is used to create billing alarms.
Your company has recently migrated large amounts of data to the AWS Cloud in S3 buckets. It is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that? A. CloudTrail B. AWS Inspector C. GuardDuty D. Amazon Macie
S. Amazon Macie Macie helps you discover and protect sensitive data.
Adding resources to your application as user demand grows is an example of which cloud concept? A. Elasticity B. Scalability C. Automation D. High availability
Scalability Scalability is the concept that, as cloud has essentially limitless capacity, it allows you to expand out as needed - as detailed in the question.
Your company has entered into a 3-year contract with a government agency. Your best option for EC2 is Reserved Instances. Which AWS feature would you use to track your Reserved Instance usage? A. AWS Cost and Usage Report B. Trusted Advisor C. AWS CloudTrail D. AWS Organizations
A. AWS Cost and Usage Report The Cost and Usage Report contains the most comprehensive set of cost and usage data
Which of the following are part of the AWS storage services category? (Choose 3) A. Amazon EFS B. Amazon S3 C. Storage Gateway D. Amazon Redshift E. Amazon RDS
A. Amazon EFS EFS is storage service. B. Amazon S3 S3 is a storage service. C. Storage Gateway Storage Gateway is a storage service.
Which of the following falls under AWS compute services category? (Choose 3) A. Amazon Lightsail B. Budgets C. Amazon Elastic Beanstalk D. Amazon Elastic File System (EFS) E. Amazon Relational Database Services (RDS) F. Amazon Elastic Compute Cloud (EC2)
A. Amazon Lightsail Lightsail is a compute service. C. Amazon Elastic Beanstalk Elastic Beanstalk is a compute service used to deploy web applications. F. Amazon Elastic Compute Cloud (EC2) EC2 is a compute service.
Which type of expense includes upfront purchases toward fixed assets? A. Capital expenditures (CapEx) B. Operating expenses (OpEx) C. Research and development expenditures D. Marketing expenditures
A. Capital expenditures (CapEx) Capital expenditures are upfront purchases toward fixed assets.
Enabling Amazon GuardDuty automatically grants the service permission to analyze continuous metadata streams from which of the following data sources? (Choose 3) A. DNS query logs B. AWS CloudTrail logs C. Amazon S3 buckets D. VPC Flow Logs
A. DNS query logs This option only works if you use AWS DNS resolvers for your EC2 instances. GuardDuty will be able to access and process your request and response DNS logs through the internal DNS resolvers. When you enable GuardDuty, it will immediately start analyzing DNS logs through an independent data stream. B. AWS CloudTrail logs AWS CloudTrail provides you with a history of AWS API calls for your account, including API calls made using the AWS Management Console, AWS SDKs, command-line tools, and higher-level AWS services. CloudTrail also allows you to identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address that the calls were made from, and when the calls occurred. When you enable GuardDuty, it immediately starts analyzing your CloudTrail event logs. It consumes CloudTrail management and S3 data events directly from CloudTrail. D. VPC Flow Logs VPC Flow Logs captures information about the IP traffic going to and from Amazon EC2 network interfaces in your VPC. When you enable GuardDuty, it immediately starts analyzing your VPC Flow Logs data. It consumes VPC Flow Logs events directly from the VPC Flow Logs feature through an independent and duplicative stream of flow logs.
What does the concept of durability mean in a cloud computing environment? A. Durability offers long-term data protection. B. Durability allows you to provision only the resources you need. C. Durability helps you to innovate faster. D. Durability helps to avoid a loss of service.
A. Durability offers long-term data protection. In cloud computing, durability means your data will be kept free of corruption.
In AWS, you can stop or terminate instances when not in use. Which of the following concepts describes this capability? A. Elasticity B. Automation C. Loose coupling D. Scalability
A. Elasticity Elasticity denotes the ability to increase or reduce the number or capabilities of AWS resources when needed. In this case, stopping or terminating instances means you are reducing the number of AWS resources used in your environment.
An application that experiences highly variable traffic throughout the day has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe? A. Elasticity B. Viscosity C. Durability D. High availability
A. Elasticity With elasticity, you do not have to plan ahead of time how much capacity you need. You can provision only what you need, and then grow and shrink based on demand
Which of the following are characteristics of Availability Zones (AZs)? (Choose 3) A. Fault tolerant B. Connected through low-latency links C. Data centers housed in the same facility D. Physically separated
A. Fault tolerant AZs are fault tolerant. B. Connected through low-latency links AZs are connected to each other through low-latency links. D. Physically separated AZs are physically separated.
Which of the following statements are true of Amazon Aurora? (Choose 2) A. It is a Relational Database Service (RDS) database engine developed by Amazon. B. It is compatible with Oracle. C. It can deliver up to five times the throughput of MySQL. D. It is compatible with MariaDB.
A. It is a Relational Database Service (RDS) database engine developed by Amazon. Aurora is an RDS engine developed by Amazon. C. It can deliver up to five times the throughput of MySQL. Aurora is 5x faster than normal MySQL and 3x faster than normal PostgreSQL
Which of the following statements are true of Amazon Redshift? (Choose 2) A. It is designed for storing petabytes of data. B. It stores unstructured data. C. It is a data warehouse service. D. It is used for transactional systems.
A. It is designed for storing petabytes of data. Amazon Redshift is AWS's data warehouse service designed to scale up to petabytes of structured data. C. It is a data warehouse service. Amazon Redshift is AWS's data warehouse service designed to scale up to petabytes of structured data
Which of the following is true of AWS Lambda? (Choose 3) A. It lets you run code without provisioning or managing servers. B. It supports several popular programming languages for writing application code. C. It triggers charges whether your code is running or not. D. It is a serverless computing platform.
A. It lets you run code without provisioning or managing servers. This is true. Lambda is considered serverless because you can run code without provisioning or managing servers. B. It supports several popular programming languages for writing application code. Lambda supports several popular programming languages like Java, Python, Node.js, etc. D. It is a serverless computing platform. You can build serverless applications composed of functions.
You need to execute code in response to a specific change to your S3 bucket. Which of the following compute services should you choose to execute your code? A. Lambda B. Lightsail C. EC2 D. Direct Connect
A. Lambda Lambda is event-driven, and a change to an S3 bucket is an example of an event.
AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (Choose 3) A. Network patching B. User password rules C. Configure security groups D. Physically securing compute resources E. Disk disposal
A. Network patching Network patching is one of AWS's responsibilities, as it is connected to the infrastructure AWS handles. D. Physically securing compute resources AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS cloud. E. Disk disposal Disk disposal is one of AWS's responsibilities, as it is connected to the infrastructure AWS handles
Which of the following does Amazon ensure will happen when paying for AWS on an as-needed basis? (Choose 3) A. Redirecting focus to innovation and invention B. Spending less money in the long term C. Spending more money in the long term D. Enabling the full elasticity of business operations E. Reducing procurement complexity
A. Redirecting focus to innovation and invention Amazon provides certain benefits when you pay for services on an as-needed basis for your business, so you can spend more time innovating and inventing. D. Enabling the full elasticity of business operations Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently enables your business to be fully elastic. E. Reducing procurement complexity Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently reduces the complexity of procurement.
Which of the following are characteristics of cloud computing? Choose 3 A. Services are delivered via the internet. B. Pay-as-you-go pricing C. On-demand delivery D. Cloud charges are capital expenditures.
A. Services are delivered via the internet. B. Pay-as-you-go pricing C. On-demand delivery Cloud computing services are offered via the internet and managed through a web browser. Cloud computing allows you to pay only for services you are currently using. With cloud computing, you are able to enable and disable services to meet your immediate needs.
AWS defines a hybrid cloud as a combination of public and private clouds. A. True B. False
A. True A hybrid cloud is created when private and public clouds are combined.
True or False? As a security best practice, the AWS account root user should be protected by multi-factor authentication (MFA). A. True B. False
A. True AWS advises to enable AWS multi-factor authentication (MFA) on your AWS account root user. For more information, see Using multi-factor authentication (MFA) in AWS. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html
Which of the following are AWS Security, Identity, and Compliance services? (Choose 3) A. AWS Organizations B. AWS Secrets Manager C. AWS Security Hub D. AWS Key Management Service (KMS)
B. AWS Secrets Manager Secrets Manager protects the secrets you use for access to applications and services C. AWS Security Hub Security Hub consolidates your view of your security and compliance status in the cloud. D. AWS Key Management Service (KMS) KMS makes it easy to create and manage cryptographic keys.
Which AWS service can be used to detect and prevent distributed denial-of-service attacks against services hosted on AWS? A. AWS WAF B. AWS Shield C. AWS Inspector D. Amazon GuardDuty
B. AWS Shield Shield is a managed distributed denial-of-service (DDoS) protection service. Shield Standard provides free protection against common and frequently occurring attacks. Shield Advanced provides enhanced protections and 24/7 access to AWS experts for a fee.
You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information? A. AWS Inspector B. AWS Trusted Advisor C. AWS Cost and Usage Report D. CloudWatch
B. AWS Trusted Advisor Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
Which of the following is NOT 1 of the 3 main models for cloud computing? A. Platform as a Service B. Access as a Service C. Software as a Service D. Infrastructure as a Service
B. Access as a Service Access as a Service is NOT an available cloud computing model.
Which defines one or more discrete data centers with redundant power, networking, and connectivity? A. AWS Local Zones B. Availability Zone C. Region D. Edge location
B. Availability Zone An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other
Which of the following support plans features access to AWS Support via email only during business hours? A. Enterprise B. Developer C. Business D. Basic
B. Developer The Developer Support plan features access to AWS Support during business hours via email.
Which of the following best describes Availability Zones (AZs)? A. A content distribution network used to deliver content to users B. Distinct locations from within an AWS Region that are engineered to be isolated from failures C. Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other's data D. Restricted areas designed specifically for the creation of virtual private clouds (VPCs) that span AZs
B. Distinct locations from within an AWS Region that are engineered to be isolated from failures Availability Zones are distinct locations from within an AWS Region that are engineered to be isolated from failures. Each Region is made up of 1 or more AZs. Availability Zones host almost every AWS service, including EC2 instances, S3 buckets, and much more. Some services will maintain copies of your data between Availability Zones, but this is dependent on the individual service (for example, S3 can store data in multiple AZs, whereas an EC2 instance is tied to a single AZ).
Which term refers to the Identity and Access Management (IAM) resource objects that AWS uses for authentication? A. Identities B. Entities C. Principal D. Resources
B. Entities IAM entities are the users (IAM users and federated users) and roles that are created and used for authentication.
You are working with IAM and need to attach policies to users, groups, and roles. Which of the following will you be attaching these policies to? A. Entities B. Identities C. Principals D. Resources
B. Identities Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.
Which of the following statements are true of Amazon Aurora? (Choose 2) A. It can deliver up to three times the throughput of MySQL. B. It is compatible with the MySQL and PostgreSQL database engines. C. It uses the AWS Management Console, AWS CLI commands, and API operations to handle routine database tasks. D. It is part of the Amazon DynamoDB service.
B. It is compatible with the MySQL and PostgreSQL database engines. Amazon Aurora is compatible with MySQL and PostgreSQL. C. It uses the AWS Management Console, AWS CLI commands, and API operations to handle routine database tasks. You can handle routine database tasks on it using either the AWS Management Console, AWS CLI commands, or API operations.
Which of the following is a geographic area containing multiple Availability Zones (AZs)? A. Data center B. Region C. Edge location D. Global zone
B. Region A Region is a physical location that is grouped into a larger geographic area for ease of management. A Region is a collection of AZs.
When considering the security of an AWS EC2 instance, which of the below are users responsible for? (Choose 2) A. Patching and maintenance of server hardware B. Security configuration C. Physical and environmental controls D. Patching and maintenance of OS and applications
B. Security configuration Under the Shared Responsibility Model, users are entirely responsible for the security, patching, and maintenance of AWS IaaS services such as EC2. AWS will only take care of the underlying hardware used to provide the service. D. Patching and maintenance of OS and applications Under the Shared Responsibility Model, users are entirely responsible for the security, patching, and maintenance of AWS IaaS services such as EC2. AWS will only take care of the underlying hardware used to provide the service.
Which of the following statements are true of the AWS Free Tier? (Choose 2) A. Amazon S3 storage of up to 5 GB is always free. B. Some AWS services come with short-term free trial offers. C. Some AWS services are free for the first 12 months following the initial sign-up date to AWS. D. You will never be charged for use of EC2 Micro instances.
B. Some AWS services come with short-term free trial offers. The AWS Free Tier offers some services for free for the first 12 months after signing up for an AWS account. It also offers free trials of select AWS services for a short period. So, usage is governed by these principles C. Some AWS services are free for the first 12 months following the initial sign-up date to AWS. The AWS Free Tier offers some services for free for the first 12 months after signing up for an AWS account. It also offers free trials of select AWS services for a short period. So, usage is governed by these principles.
Which of the following AWS services is an example of Platform as a Service? A. AWS Lambda B. Amazon Virtual Private Cloud C. AWS Elastic Beanstalk D. Amazon S3
C. AWS Elastic Beanstalk Platform as a Service, or PaaS, enables the development, running, and management of applications on the cloud without the need to build and maintain an infrastructure. That is precisely what Elastic Beanstalk provides; it's the ability to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications.
A company has multiple AWS accounts across multiple Regions. Which AWS service can be used to manage these accounts and provide consolidated billing? A. CloudFormation B. Identity and Access Management C. AWS Organizations D. Trusted Advisor
C. AWS Organizations Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella.
You are leading a pilot program to try the AWS Cloud for 1 of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by service? A. AWS Cost Explorer B. AWS Cost and Usage Report C. AWS Pricing Calculator D. AWS CloudTrail
C. AWS Pricing Calculator With the AWS Pricing Calculator, you can input the services you will use, as well as the configuration of those services, and get an estimate of the costs these services will accrue. The AWS Pricing Calculator can also help with calculating the total cost of ownership.
Which of the following falls under the AWS compute services category? (Choose 2) A. Amazon Elastic MapReduce (EMR) B. Amazon Rekognition C. Amazon Elastic Beanstalk D. AWS Lambda E. ElastiCache
C. Amazon Elastic Beanstalk Amazon Elastic Beanstalk is an example of a compute service. D. AWS Lambda AWS Lambda is an example of a compute service.
Which of the following services does the AWS Shield Standard plan provide? (Choose 2) A. Reimburse related Route 53, CloudFront, and ELB DDoS charges B. Post-attack analysis C. Assistance with protection from common DDoS attacks D. Network flow monitoring
C. Assistance with protection from common DDoS attacks AWS Shield safeguards web applications. AWS Shield Standard is a base-level plan with features that include network flow monitoring and assistance with protection from common DDoS attacks. D. Network flow monitoring AWS Shield safeguards web applications. AWS Shield Standard is a base-level plan with features that include network flow monitoring and assistance with protection from common DDoS attacks.
Your company hosts gaming applications online and would like to deliver these apps to a worldwide audience. Which AWS service would enable delivery to users worldwide and greatly improve response times? A. CloudFormation B. ElastiCache C. CloudFront D. DynamoDB
C. CloudFront CloudFront is a CDN that delivers data and applications globally with low latency.
ElastiCache is an example of what type of AWS service? A. Storage B. Compute C. Database D. Analytics
C. Database ElastiCache is an in-memory cache service used to improve database performance. This means that it saves your most common queries for quicker data retrieval rather than retrieving directly from your database. As a result, it is classified as an AWS Database service.
Which service allows you to connect a private cloud to a public cloud? A. Server Migration Service (SMS) B. CodeDeploy C. Direct Connect D. Route 53
C. Direct Connect Direct Connect is a dedicated physical network connection from your on-premises data center to AWS.
Upon which of these measurements is AWS Lambda pricing based? (Choose 2) A. Data transfer B. Memory C. Duration D. Number of requests
C. Duration With AWS Lambda, you are charged based on the number of requests for your functions and the amount of time (duration) it takes for your code to execute D. Number of requests With AWS Lambda, you are charged based on the number of requests for your functions and the amount of time (duration) it takes for your code to execute.
Which of the following AWS Support levels offers the assistance of a Technical Account Manager? A. Business B. Developer C. Enterprise D. Premium
C. Enterprise Only Enterprise (the highest level of AWS Support plans) offers the services of a Technical Account Manager.
You are using your corporate directory to grant your users access to AWS services. What is this called? A. Multi-Factor Authentication B. Role-based access C. Federated access D. User group access
C. Federated access Federated access is when you use an external directory, such as your corporate one, to grant users in that directory access to AWS resources.
In order to comply with regulatory mandates, some of your data needs to be retained in perpetuity. Which of the following AWS storage services offers low-cost, long-term data archival? A. S3 B. Redshift C. Glacier D. EFS
C. Glacier Glacier is your best choice for deeply discounted, long-term object archival - as long as the data does not need to be available and online at a moment's notice.
Which of the following provides the least expensive Amazon S3 storage? A. Intelligent Tiering B. Glacier C. Glacier Deep Archive D. One Zone-Infrequent Access
C. Glacier Deep Archive Both Glacier and Glacier Deep Archive are for data archiving; as a result, they cost a lot less than the One Zone-Infrequent Access and Intelligent Tiering S3 storage classes, which are for more frequently accessed data. Glacier Deep Archive is the lowest cost option.
Which of the following best describes a system that is always online — without the need for human intervention? A. Elastic B. Fault tolerant C. Highly available D. Scalable
C. Highly available A highly available system is always online — without the need for human intervention. Although fault tolerance is closely related to high availability, fault tolerance usually implies a degradation of service without human intervention, unlike high availability which is like-for-like.
Which deployment types offers the advantages of cloud computing? (Choose 2) A. Private cloud B. On-premises cloud C. Hybrid cloud D. Public cloud
C. Hybrid cloud A hybrid cloud is a combination of public and private clouds. D. Public cloud Public cloud (offered by AWS) provides advantages of cloud computing.
Which of the following best describes the ability to scale computing resources out or in easily, while only paying for the resources used? A. High availability B. Fault tolerance C. Scalability D. Elasticity
D. Elasticity Elasticity describes the ability to scale computing resources out or in easily, while only paying for the resources used.
VPC, CloudFront, and Route 53 are examples of what type of AWS service? A. Compute B. Database C. Networking and Content Delivery D. Migration and Transfer
C. Networking and Content Delivery Amazon VPC, Amazon CloudFront, and Amazon Route 53 are networking and content delivery services that AWS offers. VPC and Route 53 are involved with linking resources with one another to operate interactively; VPC creates a virtual network, and Route 53 connects end users to web applications. CloudFront is an AWS service for fast web content delivery.
A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this? A. IAM B. Tagging C. Resource groups D. IAM groups
C. Resource groups You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage AWS resource groups.
Which service allows a user to rotate, manage, and retrieve secrets? A. Key Management Service (KMS) B. CloudHSM C. Secrets Manager D. Identity and Access Management (IAM)
C. Secrets Manager Secrets Manager allows you to manage and retrieve secrets (passwords or keys).
You need to set up a virtual firewall for your EC2 instance. Which would you use? A. IAM policy B. Network ACL C. Security group D. Subnet
C. Security group A security group acts as a virtual firewall for your instance to protect your EC2 instance by controlling inbound and outbound traffic.
Which of the following are attributes of multiple Availability Zones in a given Region? Choose 2 A. They contain exactly 1 data center. B. They are physically grouped in a single facility to achieve high availability. C. They are connected to each other through low-latency links. D. They are fault tolerant.
C. They are connected to each other through low-latency links. D. They are fault tolerant. AZs within a single Region are isolated but connected to each other through low-latency links. If 1 AZ goes out of service, the other AZs shouldn't be impacted.
You've been tasked with assessing your AWS infrastructure in terms of cost optimization. Which of the following AWS services would help with this task? A. CloudTrail B. AWS Personal Health Dashboard C. Trusted Advisor D. AWS Systems Manager
C. Trusted Advisor AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices.
When would you use the Reserved Instance pricing model? (Choose 2) A. Ability to bid on the lowest compute price possible B. Your application has unpredictable workloads C. Your application requires a capacity reservation D. Your application has steady state usage
C. Your application requires a capacity reservation Amazon EC2 Reserved Instances (RI) can provide a capacity reservation, offering additional confidence in your ability to launch the number of instances you have reserved when you need them. D. Your application has steady state usage Reserved Instances are a great way of reducing costs on long running applications with steady state usage. Even if the money is not available to make upfront payments, using Reserved Instances over longer periods can still be useful for cost savings.
Which benefit of cloud computing allows you to avoid planning ahead of time for how much capacity you need? A. High availability B. Durability C. Agility D. Elasticity
D. Elasticity With elasticity, you do not have to plan ahead of time how much capacity you need. You can provision only what you need, and then grow and shrink based on demand.
Which of the following AWS services controls authentication and authorization within an AWS account? A. Access control lists B. AWS Shield C. Security groups D. IAM
D. It can deliver up to five times the throughput of MySQL. Aurora is 5x faster than normal MySQL and 3x faster than normal PostgreSQL
You have recently started using AWS and now need to launch a large number of instances in your VPC. You learn that this number exceeds the service limits for instances in a VPC. What can you do? A. Upgrade your support plan to increase this service limit. B. There is nothing that can be done. Redesign based on a smaller number of instances. C. Use Auto Scaling and the service limit can be exceeded. D. Contact AWS and request a service limit increase.
D. Contact AWS and request a service limit increase. Use the Limits page in the Amazon EC2 console to request an increase in the limits for resources provided by Amazon EC2 or Amazon VPC on a per-Region basis.
Which component of the AWS Global Infrastructure caches content for fast delivery to users? A. Data centers B. Availability Zones C. Regions D. Edge locations
D. Edge locations Edge locations cache content for fast delivery to your users.
A company on the Business Support plan currently runs all their applications in a single Region. They have made the decision to expand to multiple Regions. What is the process to start deploying their applications to the new Regions? A. Open an account and billing support case with AWS Support. B. Copy the existing Availability Zone group to the new Regions. C. Reach out to their Technical Account Manager (TAM) for assistance. D. Just start deploying the applications to the new Regions.
D. Just start deploying the applications to the new Regions. You are free to deploy your applications to new Regions. Don't forget: CloudFormation can make the process of provisioning resources easier and repeatable.
Your application needs fully managed storage for objects. Which of the following options should you choose? A. RDS B. EBS C. EC2 D. S3
D. S3 S3 is fully managed storage for objects. EBS provides virtual hard disks in the cloud and is block-based, not object-based. EC2 is a compute service, and RDS is a database service.
You have used On-Demand Instances for a month but have met unexpected costs with this choice. Which EC2 option provides up to 90% discount on On-Demand Instances while taking advantage of AWS unused EC2 capacity? A. Reserved Instances B. Virtual instances C. Dedicated Host D. Spot Instances
D. Spot Instances Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS Cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and test and development workloads. Because Spot Instances are tightly integrated with AWS services (such as Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline, and AWS Batch), you can choose how to launch and maintain your applications running on Spot Instances.