AWS service 101
Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.) A. They are stateless. B. They are stateful. C. They evaluate all rules before allowing traffic. D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. E. They operate at the instance level.
A, D 进出都要Allow numbered rule允许即通过 (#30 allow #31 deny --> allow)
A company has stopped all of its Amazon EC2 instances but monthly billing charges continue to occur.What could be causing this? (Choose two.) A. Amazon Elastic Block Store (Amazon EBS) storage charges B. Operating system charges C. Hardware charges D. Elastic IP charges E. Input/output (I/O) charges
A. Amazon Elastic Block Store (Amazon EBS) storage charges D. Elastic IP charges If you have an Elastic IP that is not associated with a running instance, you will incur charges for it. It's always a good idea to release any unassociated Elastic IPs to avoid these charges.
Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Choose two.) A. Control access to AWS service APIs and to other specific resources. B. Provide intelligent threat detection and continuous monitoring. C. Protect the AWS environment using multi-factor authentication (MFA). D. Grant users access to AWS data centers. E. Provide firewall protection for applications from common web attacks.
A. Control access to AWS service APIs and to other specific resources. C. Protect the AWS environment using multi-factor authentication (MFA). AWS data centers --> physical access
A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon Machine Image (AMI).Which actions can a system administrator take to connect to the EC2 instance? (Choose two.) A. Use Amazon EC2 Instance Connect. B. Use a Remote Desktop Protocol (RDP) connection. C. Use AWS Batch D. Use AWS Systems Manager Session Manager. E. Use Amazon Connect
A. Use Amazon EC2 Instance Connect. D. Use AWS Systems Manager Session Manager.
Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework? A. Create annotated documentation. B. Anticipate failure. C. Ensure performance efficiency. D. Optimize costs.
B. Anticipate failure.
Which action will provide documentation to help a company evaluate whether its use of the AWS Cloud is compliant with local regulatory standards? A. Running Amazon GuardDuty B. Using AWS Artifact C. Creating an AWS Support ticket D. Evaluating AWS CloudTrail logs
B. Using AWS Artifact
Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand? A. Amazon GuardDuty B. AWS Security Hub C. AWS Artifact D. AWS Shield
C. AWS Artifact
Which AWS services offer gateway VPC endpoints that can be used to avoid sending traffic over the internet? (Choose two.) A. Amazon Simple Notification Service (Amazon SNS) B. Amazon Simple Queue Service (Amazon SQS) C. AWS CodeBuild D. Amazon S3 E. Amazon DynamoDB
D. Amazon S3 E. Amazon DynamoDB
Which AWS service should a company use to create a serverless workflow? A. Amazon Connect B. AWS Lambda C. AWS Step Functions D. Amazon Elastic Block Store (Amazon EBS) E. AWS CodeBuild
C. AWS Step Functions
A company plans to create a data lake that uses Amazon S3.Which factor will have the MOST effect on cost? A. The selection of S3 storage tiers B. Charges to transfer existing data into Amazon S3 C. The addition of S3 bucket policies D. S3 ingest fees for each request
A You pay for all bandwidth into and out of Amazon S3, except for the following: Data transferred out to the internet for the first 100GB per month, aggregated across all
Which of the following are benefits of migrating to the AWS Cloud? (Choose two.) A. Operational resilience B. Discounts for products on Amazon.com C. Business agility D. Business excellence E. Increased staff retention
A, C The six benefits of AWS Cloud: 1. Global in minutes 2. Speed and agility 3. Economies of scale 4. Capacity 5. Cost optimization 6. Variable expenses
Which AWS services are serverless? (Choose two.) A. AWS Fargate B. Amazon Managed Streaming for Apache Kafka C. Amazon EMR D. Amazon S3 E. Amazon EC2
A. AWS Fargate D. Amazon S3 Amazon EMR (Elastic MapReduce): EMR is a cloud-native big data platform, but it requires you to provision and manage clusters of EC2 instances for data processing.
Which AWS service provides alerts when an AWS event may impact a company's AWS resources? A. AWS Personal Health Dashboard B. AWS Service Health Dashboard C. AWS Trusted Advisor D. AWS Infrastructure Event Management
A. AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts Service Health Dashboard shows all regions and services health
What information is found on an AWS Identity and Access Management (IAM) credential report? (Choose two.) A. The date and time when an IAM user's password was last used to sign in to the AWS Management Console. B. The type of multi-factor authentication (MFA) device assigned to an IAM user. C. The User-Agent browser identifier for each IAM user currently logged in. D. Whether multi-factor authentication (MFA) has been enabled for an IAM user. E. The number of incorrect login attempts by each IAM user in the previous 30 days.
A. The date and time when an IAM user's password was last used to sign in to the AWS Management Console. D. Whether multi-factor authentication (MFA) has been enabled for an IAM user.
Which AWS service or tool can be used to capture information about inbound and outbound traffic in an Amazon VPC? A. VPC Flow Logs B. Amazon Inspector C. VPC endpoint services D. NAT gateway
A. VPC Flow Logs
Which AWS service provides a feature that can be used to proactively monitor and plan for the service quotas of AWS resources? A. AWS CloudTrail B. AWS Personal Health Dashboard C. AWS Trusted Advisor D. Amazon CloudWatch
AWS Trusted Advisor Recommendations that help you follow AWS best practices. Evaluates account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.
A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud.Which AWS service will meet this requirement? A. Amazon Cognito B. AWS Security Hub C. AWS Shield D. AWS WAF
Amazon Cognito
A company recently created its first AWS account.Which AWS services will require the use of a VPC? (Choose two.) A. Amazon S3 B. Amazon Elastic File System (Amazon EFS) C. Amazon Cognito D. Amazon DynamoDB E. Amazon EC2
Amazon EFS is a file storage service that provides a persistent file system for your EC2 instances. It requires a VPC to isolate your EFS file system from other resources in the AWS Cloud. Amazon EC2 is a service that provides virtual machines that you can use to run your applications. It requires a VPC to isolate your EC2 instances from other resources in the AWS Cloud.
A company has an on-premises Oracle database. The company spends a significant amount of time on database administration activities. The company is moving the database to AWS and needs to minimize the time that is required for those administration activitiesWhich AWS service should the company use to meet this requirement? A. Amazon ElastiCache B. Amazon EC2 C. Amazon RDS D. Amazon DynamoDB
Amazon RDS for Oracle is a fully managed commercial database that makes it easy to set up, operate, and scale Oracle deployments in the cloud.
A company is starting to build its infrastructure in the AWS Cloud. The company wants access to technical support during business hours. The company also wants general architectural guidance as teams build and test new applications.Which AWS Support plan will meet these requirements at the LOWEST cost? A. AWS Basic Support B. AWS Developer Support C. AWS Business Support D. AWS Enterprise Support
B. AWS Developer Support
Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data? A. Amazon Athena B. AWS Glue C. Amazon S3 D. AWS Snowball Edge
B. AWS Glue
Which AWS service or feature checks access policies and offers actionable recommendations to help users set secure and functional policies? A. AWS Systems Manager B. AWS IAM Access Analyzer C. AWS Trusted Advisor D. Amazon GuardDuty
B. AWS IAM Access Analyzer While Trusted Advisor might give some security-related recommendations, it doesn't specifically provide actionable recommendations on IAM policies in the same detailed way as IAM Access Analyzer.
A company wants to organize its users so that the company can grant permissions to the users as a group.Which AWS service or tool can the company use to meet this requirement? A. Security groups B. AWS Identity and Access Management (IAM) C. Resource groups D. AWS Security Hub
B. AWS Identity and Access Management (IAM)
A large enterprise with multiple VPCs in several AWS Regions around the world needs to connect and centrally manage network connectivity between its VPCs.Which AWS service or feature meets these requirements? A. AWS Direct Connect B. AWS Transit Gateway C. AWS Site-to-Site VPN D. VPC endpoints
B. AWS Transit Gateway
Which of the following is a benefit of decoupling an AWS Cloud architecture? A. Reduced latency B. Ability to upgrade components independently C. Decreased costs D. Fewer components to manage
B. Ability to upgrade components independently
A company wants to use the AWS Cloud to provide secure access to desktop applications that are running in a fully managed environment.Which AWS service should the company use to meet this requirement? A. Amazon S3 B. Amazon AppStream 2.0 C. AWS AppSync D. AWS Outposts
B. Amazon AppStream 2.0
Which AWS service provides automated backups of data by default? A. Amazon S3 B. Amazon Aurora C. Amazon ElastiCache for Memcached D. Amazon Elastic File System (Amazon EFS)
B. Amazon Aurora
A company is running a standard PostgreSQL database on premises. The company is migrating the database to the AWS Cloud and does not want to change the queries that access the database. The company must maximize the query performance.Which AWS service will meet these requirements? A. Amazon RDS for PostgreSQL B. Amazon Aurora PostgreSQL C. Amazon DocumentDB (with MongoDB compatibility) D. Amazon DynamoDB
B. Amazon Aurora PostgreSQL
Which AWS services can use AWS WAF to protect against common web exploitations? (Choose two.) A. Amazon Route 53 B. Amazon CloudFront C. AWS Transfer Family D. AWS Site-to-Site VPN E. Amazon API Gateway
B. Amazon CloudFront E. Amazon API Gateway
Which AWS service can be used to provide an on-demand, cloud-based contact center? A. AWS Direct Connect B. Amazon Connect C. AWS Support Center D. AWS Managed Services
B. Amazon Connect
A company would like to host its MySQL databases on AWS and maintain full control over the operating system, database installation, and configuration.Which AWS service should the company use to host the databases? A. Amazon RDS B. Amazon EC2 C. Amazon DynamoDB D. Amazon Aurora
B. Amazon EC2
A company needs to perform data processing once a week that typically takes about 5 hours to complete.Which AWS service should the company use for this workload? A. AWS Lambda B. Amazon EC2 C. AWS CodeDeploy D. AWS Wavelength
B. Amazon EC2 Lambda 最多15分钟
Which of the following is the customer responsible for updating and patching, according to the AWS shared responsibility model? A. Amazon FSx for Windows File Server B. Amazon WorkSpaces virtual Windows desktop C. AWS Directory Service for Microsoft Active Directory D. Amazon RDS for Microsoft SQL Server
B. Amazon WorkSpaces virtual Windows desktop
An ecommerce company has deployed a new web application on Amazon EC2 instances. The company wants to distribute incoming HTTP traffic evenly across all running instances.Which AWS service or resource will meet this requirement? A. Amazon EC2 Auto Scaling B. Application Load Balancer C. Gateway Load Balancer D. Network Load Balancer
B. Application Load Balancer
What is the security best practice concerning sensitive data stored in Amazon S3? A. Enable cross-Region replication on the S3 bucket. B. Enable S3 server-side encryption on the S3 bucket. C. Configure AWS WAF to prevent unauthorized access to the S3 bucket. D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.
B. Enable S3 server-side encryption on the S3 bucket. GuardDuty can only monitor but no restrict access
Which IT controls do AWS and the customer share, according to the AWS shared responsibility model? (Choose two.) A. Physical and environmental controls B. Patch management C. Cloud awareness and training D. Zone security E. Application data encryption
B. Patch management C. Cloud awareness and training AWS trains AWS employees, but a customer must train their own employees.
A company is planning to replace its physical on-premises compute servers with AWS serverless compute services. The company wants to be able to take advantage of advanced technologies quickly after the migration.Which pillar of the AWS Well-Architected Framework does this plan represent? A. Security B. Performance efficiency C. Operational excellence D. Reliability
B. Performance efficiency
A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2 instances, and Amazon RDS.Which security measures fall under the responsibility of AWS? (Choose two.) A. Running a virus scan on EC2 instances B. Protecting against IP spoofing and packet sniffing C. Installing the latest security patches on the RDS instance D. Encrypting communication between the EC2 instances and the Elastic Load Balancer E. Configuring a security group and a network access control list (NACL) for EC2 instances
B. Protecting against IP spoofing and packet sniffing C. Installing the latest security patches on the RDS instance
Which of the following acts as an instance-level firewall to control inbound and outbound access? A. Network access control list B. Security groups C. AWS Trusted Advisor D. Virtual private gateways
B. Security groups Network access control list (NACL): Acts as a subnet-level firewall Security groups: instance-level firewall
Which AWS service or tool should a company use to centrally request and track service limit increases? A. AWS Config B. Service Quotas C. AWS Service Catalog D. AWS Budgets
B. Service Quotas Config - Audit and evaluate the configurations Service Quotas - view and manage your quotas (limits) for AWS services from a central location. AWS Service Catalog allows organizations to manage approved catalogs of IT services.
Which of the following are design principles of the reliability pillar of the AWS Well-Architected Framework? (Choose two.) A. Perform operations as code. B. Stop guessing capacity. C. Adopt serverless architecture whenever possible. D. Use build and deployment management systems. E. Make changes to infrastructure by using automation.
B. Stop guessing capacity. E. Make changes to infrastructure by using automation. Automation ensures that changes are consistently applied across your environment, reducing the risk of human error. A. Perform operations as code. - Operational Excellence C. Adopt serverless architecture whenever possible. - Performance Efficiency D. Use build and deployment management systems. -Operational Excellence pillar as it emphasizes the use of automation in deployment processes.
A company wants to migrate its applications from its on-premises data center to a VPC in the AWS Cloud. These applications will need to access on-premises resources.Which actions will meet these requirements? (Choose two.) A. Use AWS Service Catalog to identify a list of on-premises resources that can be migrated. B. Create a VPN connection between an on-premises device and a virtual private gateway in the VPC. C. Use an Amazon CloudFront distribution and configure it to accelerate content delivery close to the on-premises resources. D. Set up an AWS Direct Connect connection between the on-premises data center and AWS. E. Use Amazon CloudFront to restrict access to static web content provided through the on-premises web servers.
B. VPN D. Direct Connect
A retail company needs to build a highly available architecture for a new ecommerce platform. The company is using only AWS services that replicate data across multiple Availability Zones.Which AWS services should the company use to meet this requirement? (Choose two.) A. Amazon EC2 B. Amazon Elastic Block Store (Amazon EBS) C. Amazon Aurora D. Amazon DynamoDB E. Amazon Redshift
C D multi AZ 需要 inherently replicate data across multiple Availability Zones (AZs) for high availability Amazon Redshift is a data warehousing service. It can back up data to S3 and replicate within a single cluster, but for high availability, manual setup or other techniques would be necessary to ensure that data is available in more than one AZ.
Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances? A On-Demand Instances B Reserved Instances C Spot Instances D Convertible Reserved Instances
C Spot Instances Spot Instances are discounted more heavily when there is more capacity available in the Availability Zones. Not On-Demand: On-Demand Instances are offered at a set price by AWS Region.
A company needs to build an application that uses AWS services. The application will be delivered to residents in European Counties. The company must abide by regional regulatory requirements.Which AWS service or program should the company use to determine which AWS services meet the regional requirements? A. AWS Audit Manager B. AWS Shield C. AWS Compliance Program D. AWS Artifact
C. AWS Compliance Program regional regulatory - Compliance access specific compliance documentation - Artifact
A company wants to improve the overall availability and performance of its applications that are hosted on AWS.Which AWS service should the company use? A. Amazon Connect B. Amazon Lightsail C. AWS Global Accelerator D. AWS Storage Gateway
C. AWS Global Accelerator AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users.
A company is operating several factories where it builds products. The company needs the ability to process data, store data, and run applications with local system interdependencies that require low latency.Which AWS service should the company use to meet these requirements? A. AWS IoT Greengrass B. AWS Lambda C. AWS Outposts D. AWS Snowball Edge
C. AWS Outposts This allows for a truly hybrid environment, providing low latency and local system interdependencies as described in the scenario.
A company is preparing to launch a new web store that is expected to receive high traffic for an upcoming event. The web store runs only on AWS, and the company has an AWS Enterprise Support plan.Which AWS resource will provide guidance about how the company should scale its architecture and operational support during the event? A. AWS Abuse team B. The designated AWS technical account manager (TAM) C. AWS infrastructure event management D. AWS Professional Services
C. AWS infrastructure event management
A company needs to perform queries and interactively search and analyze log data.Which AWS service or feature will meet this requirement? A. Amazon EventBridge (Amazon CloudWatch Events) B. Amazon CloudWatch anomaly detection C. Amazon CloudWatch Logs Insights D. Amazon CloudWatch Logs streams
C. Amazon CloudWatch Logs Insights CloudWatch Logs Insights: Analyse, and search data in real-time. CloudWatch Logs Stream: Real-time process, monitor, alert & notification.
A company needs to set up user authentication for a new application. Users must be able to sign in directly with a user name and password, or through a third- party provider.Which AWS service should the company use to meet these requirements? A. AWS Single Sign-On B. AWS Signer C. Amazon Cognito D. AWS Directory Service
C. Amazon Cognito
A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos. The company has no machine learning (ML) scientists and must build this detection capability with no ML expertise.Which AWS service should the company use to build this capability? A. Amazon SageMaker B. Amazon Textract C. Amazon Rekognition D. Amazon Comprehend
C. Amazon Rekognition Find objects, people, text, scenes in images and videos using ML
Which of the following describes AWS Local Zones? A. A cluster of data centers in one geographic location B. A site used by Amazon CloudFront to cache frequently accessed content C. An extension of an AWS Region to more granular locations D. One or more data centers with redundant power and networking
C. An extension of an AWS Region to more granular locations
A company has refined its workload to use specific AWS services to improve efficiency and reduce cost.Which best practice for cost governance does this example show? A. Resource controls B. Cost allocation C. Architecture optimization D. Tagging enforcement
C. Architecture optimization Architecture optimization involves fine-tuning and restructuring application and infrastructure designs to make the most of AWS services in a cost-effective manner.
What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility model? A. Software licenses B. Networking C. Customer data D. Encryption keys
C. Customer data
Which controls does the customer fully inherit from AWS in the AWS shared responsibility model? A. Patch management controls B. Awareness and training controls C. Physical and environmental controls D. Configuration management controls
C. Physical and environmental controls 阅读理解,fully从AWS继承 --> AWS的responsibility
Which pillar of the AWS Well-Architected Framework is focused on the ability of a workload to perform its intended function correctly and consistently at the expected time? A. Performance efficiency B. Operational excellence C. Reliability D. Security
C. Reliability
What should a user do if the user loses an IAM secret access key? A. Retrieve the secret access key by using the IAM console. B. Create a new user with a new access key and a new secret access key. C. Rotate the secret access key. D. Request a new secret access key from AWS Support.
C. Rotate the secret access key.
A company wants to secure its consumer web application by using SSL/TLS to encrypt traffic.Which AWS service can the company use to meet this goal? A. AWS WAF B. AWS Shield C. Amazon VPC D. AWS Certificate Manager (ACM)
D. AWS Certificate Manager (ACM) SSL/TLS --> ACM
A company is planning to run a global marketing application in the AWS Cloud. The application will feature videos that can be viewed by users. The company must ensure that all users can view these videos with low latency.Which AWS service should the company use to meet this requirement? A. AWS Auto Scaling B. Amazon Kinesis Video Streams C. Elastic Load Balancing D. Amazon CloudFront
D. Amazon CloudFront u can use Amazon CloudFront to store cached copies of your content at edge locations
A company needs an AWS service that will continuously monitor the company's AWS account for suspicious activity. The service must have the ability to initiate automated actions against threats that are identified in the security findings.Which service will meet these requirements? A. AWS Trusted Advisor B. Amazon Detective C. Amazon Inspector D. Amazon GuardDuty
D. Amazon GuardDuty monitor -- GuardDuty best practice -- Trusted Advisor root cause -- Detective assessment -- Inspector
A company needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances. The report also must identify operating system vulnerabilities on those instances.Which AWS service or feature should the company use to meet this requirement? A. AWS Trusted Advisor B. Security groups C. Amazon Macie D. Amazon Inspector
D. Amazon Inspector AWS Trusted Advisor - best practices no operating system vulnerabilities Security groups - in/out bound control, no assess vulnerabilities Macie - S3
Which AWS service helps developers use loose coupling and reliable messaging between microservices? A. Elastic Load Balancing B. Amazon Simple Notification Service (Amazon SNS) C. Amazon CloudFront D. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Simple Queue Service (Amazon SQS) DeCouple --> SQS
A user is a new AWS account owner who has no special access requirements.What should this user do with the AWS account root user access keys? A. Share the keys with all relevant internal users so that those users can programmatically access AWS services. B. Post the keys on GitHub to provide development teams with access to AWS services. C. Use the keys for access, but do not share the keys with anyone. D. Delete the keys and create IAM users.
D. Delete the keys and create IAM users.
Which architecture design principle describes the need to isolate failures between dependent components in the AWS Cloud? A. Use a monolithic design. B. Design for automation. C. Design for single points of failure. D. Loosely couple components.
D. Loosely couple components. if a single component fails, the other components continue to work because they are communicating with each other. The loose coupling prevents the entire application from failing.
A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption.Which action should the user take? A. Contact the dedicated AWS technical account manager (TAM). B. Contact the dedicated AWS Concierge Support team. C. Open a business-critical system down support case. D. Open a production system down support case.
D. Open a production system down support case.
Which pillar of the AWS Well-Architected Framework includes the continual improvement of processes and procedures as a priority? A. Cost optimization B. Reliability C. Performance efficiency D. Operational excellence
D. Operational excellence The Performance Efficiency pillar of the AWS Well-Architected Framework focuses on ensuring that your system efficiently uses IT and computing resources to meet evolving system requirements. Key concepts of this pillar include: - Selection - Review - Monitoring - Trade-offs
Treating infrastructure as code in the AWS Cloud allows users to: A. automate migration of on-premises hardware to AWS data centers. B. let a third party automate an audit of the AWS infrastructure. C. turn over application code to AWS so it can run on the AWS infrastructure. D. automate the infrastructure provisioning process.
D. automate the infrastructure provisioning process. IaC is about infrastructure management and provisioning, not about handing over application code to AWS.
A company needs fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) protocol.Which AWS service will meet these requirements? A. Amazon S3 B. Amazon Elastic File System (Amazon EFS) C. Amazon FSx for Windows File Server D. Amazon Elastic Block Store (Amazon EBS)
SMB --> FSX