Certified Cloud Practitioner Practice Exam
An ELB instance is configured with the default HealthCheck and Response Timeout intervals as 30 seconds and 5 seconds respectively. How long will it take for an instance within a target group to be labelled as OutOfService, it it goes down a second after the latest HealthCheck? A. 34 Seconds B. 30 Seconds C. 35 Seconds D. 4 Seconds
A. 34 Seconds Since the health check runs every 30 seconds and the instance goes down one second into the cycle, it means 29 seconds will lapse before a new health check is run. Additionally, it will take 5 more seconds of the ELB instance probing the instance that is down, upon getting no response, it would then fail the health check. Therefore, 29 + 5 seconds = 34 seconds.
Domain: Cloud Concepts For the AWS Shared Responsibility Model, which of the following responsibilities is not part of shared controls for which both customer and AWS are responsible? A. Patch Management B. Configuration Management C. Data Integrity D. Training
C. Data Integrity Customers are solely responsible for data integrity of traffic flow between resources launched in the AWS cloud.
____________ automates the discovery of sensitive data at scale and lowers the cost of protecting your data using machine learning and pattern matching technique. a. Amazon Macie b. AWS Shield c. Amazon GuardDuty d. AWS Security Hub
a. Amazon Macie Option A is CORRECT. Amazon Macie automates the discovery of sensitive data at scale and lowers the cost of protecting your data
Security and compliance is a shared responsibility between AWS and the customer. Which amongst the below-listed are AWS responsibilities? (Select TWO) a. Perform all the necessary security configuration and management tasks for Amazon Elastic Compute Cloud (Amazon EC2) b. Patch management of the guest OS and applications c. Security of the data in the cloud d. Security of the cloud e. Patch management within the infrastructure
d. Security of the cloud e. Patch management within the infrastructure Option D is CORRECT as security of the cloud is AWS's responsibility Option E is CORRECT. AWS is responsible for patching and fixing flaws within the infrastructure
During an organization's information systems audit, the administrator is requested to provide a dossier of security and compliance reports and online service agreements between the organization and AWS. Which service can they utilize to acquire this information? A. AWS Artifact B. AWS Resource Center C. AWS Service Catalog D. AWS Directory Service
A. AWS Artifact AWS Artifact is a comprehensive resource center to have access to the AWS' auditor-issued reports and security and compliance documentation from several renowned independent standard organizations.
In the AWS Billing and Management service, which tool can provide usage-based forecasts of estimated billing costs and usage for the coming months? A. AWS Cost Explorer B. AWS Bills C. AWS Reports D. AWS Cost and Usage Reports
A. AWS Cost Explorer AWS Cost Explorer can create user-defined custom forecasts for future usage patterns
Which of the following Amazon Web Services can be referred to as a serverless service? (Select THREE) A. AWS Lambda B. Elastic Load Balancing C. AWS Cloud9 D. Amazon DynamoDB
A. AWS Lambda C. AWS Cloud9 D. Amazon DynamoDB The serverless concept refers to the abiilty to leverage compute processing functions without the infrastructure overhead. AWS Lambda is a serverless online code scripting platform within AWS that allows the user to write, edit, and run code functions in various languages, including JSON. These functions can be triggered to call or invoke other AWS applications in the user's build. AWS Cloud9 is a serverless online integrated development environment (IDE) used to author, edit, run, debug code of various languages.
Your company is planning to use the AWS cloud. But there is a management decision that resources need to split department wise. And the decision is tending towards managing multiple AWS accounts. Which of the following would help in the effective management and also provide an efficient costing model? A. AWS Organizations B. Amazon Dev Pay C. AWS Trusted Advisor D. AWS Cost Explorer
A. AWS Organizations The AWS Documentation mentions the following: AWS Organizations offers policy-based management for multiple AWS accounts. With organizations, you can create multiple groups of accounts and then apply policies to those groups. Organizations enable you to centrally manage policies across multiple accounts without requiring custom scripts and manual processes.
A company wants to utilize AWS storage. For the, low storage cost is paramount. The data is rarely retrieved and a data retrieval time of several hours is acceptable for them. What is the best storage option to use? A. Amazon Glacier B. Amazon S3 Reduced Redundancy Storage C. EBS backed storage connected to EC2 D. AWS CloudFront
A. Amazon Glacier Amazon Glacier is a storage service optimized for infrequently used data or "cold data." The service provides durable and extremely low-cost storage with security features for data archiving and backup. With Amazon Glacier, you can store your data cost-effectively for months, years, or even decades.
A group of non-tech savvy friends are looking to set up a website for an upcoming event at a cost-effective price, with a novice-friendly interface. Which AWS service is the most appropriate to use? A. Use AWS Marketplace to install a ready-made WordPress AMI B. Use AWS LightSail C. Use a pre-configured customizable Apache web server on an Amazon EC2 instance D. Download a pre-configured website on an EC2 instance from a third-party website generator
B. Use AWS LightSail AWS LightSail is an inexpensive, easy-to-use, novice-friendly and interactive platform to configure and launch web applications or websites quickly. AWS LightSail is best to utilize for simple workloads and has fast start-to-end deployment. It is built to assist users who have little or no expertise with web application design. It also allows users to implement small deployments that are easily disposable or easily scale with the use case.
Domain: Security There is an external audit being carried out on your company. The IT auditor needs to have a log of all access to the AWS resources in the company's account. Which of the below services can assist in providing these details? A. AWS CloudWatch B. AWS CloudTrail C. AWS EC2 D. AWS SNS
B. AWS CloudTrail Using CloudTrail, one can monitor all the API activity conducted on all AWS services. The AWS Documentation additionally mentions the following: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console. AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
Which of the following services allows you to distribute load across multiple EC2 instances? A. AWS Autoscaling B. AWS Elastic Load Balancer C. AWS Regions D. AWS IAM
B. AWS Elastic Load Balancer The AWS Documentation mentions the following on the ELB: Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
Which of the following helps you set up a logically isolated section of your AWS cloud? A. AWS Subnets B. AWS VPC C. AWS Regions D. AWS Availability Zones
B. AWS VPC The AWS Documentation mentions the following: Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. The virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
In a fully managed service such as Amazon Aurora, what are the implications of the Shared Responsibility Model? A. Amazon is responsible for only the physical infrastructure on which the user's data resides B. Amazon is responsible for the RDS instances, the operating system updates, patching of software, and its maintenance C. The user is responsible for the operation system updates, patching of software, and its maintenance D. The user is responsible for the security of the EC2 instances on which the relational database resides
B. Amazon is responsible for the RDS instances, the operating system updates, patching of software, and its maintenance In fully managed services such as Amazon Aurora, the user does not have access to the backend EC2 instances where the relational database resides. Backups, software updates, and patches are administered by Amazon.
Domain: Cloud Concepts Which of the following are best practices when designing cloud-based systems? Choose 2 answers from the options below. A. Build tightly-coupled components B. Build loosely-coupled components C. Assume everything will fail D. Use as many services as possible
B. Build loosely-coupled components C. Assume everything will fail Always build components that are loosely coupled. This is so that even if one component does fail, the entire system does not fail. If you build with the assumption that everything will fail, you will ensure that the right measures are taken to build a highly scalable and fault-tolerant system.
Why does it take between 24 to 48 hours for changes made to a hosted zone in Amazon Route53 to reflect globally? A. AWS Name Severs need between 24 to 48 hours to create record sets, update their respective values, and process changes B. DNS resolvers around the world can only reflect the changes in their cache after Time to Live (TTL) has expired; it is 24 hours by default C. AWS Name Servers around the world update their cache in tandem; it takes between 24 hours to 48 hours for the process to complete D. If changes to the hosted zone are made in the same AWS Region as the DNS resolver, it can take between 6 to 12 hours
B. DNS resolvers around the world can only reflect the changes in their cache after Time to Live (TTL) has expired; it is 24 hours by default Generally, DNS resolvers make queries for changes every 86,400 seconds. That means the DNS resolver cache is stagnant for up to 24 hours. This can be changed, but the widely accepted time is 24 hours.
Why is Amazon DynamoDB service best-suited for implementation in mobile, Internet of Things (IoT), and gaming applications? A. DynamoDB is a fully-managed database instance with no infrastructure overheads B. DynamoDB has a flexible data model and single-digit millisecond latency C. Whilst in operation, DynamoDB instances are spread across at least three geographically distinct centers, AWS Regions D. DynamoDB supports eventual and strongly consistent reads
B. DynamoDB has a flexible data model and single-digit millisecond latency The use cases mentioned in the scenerio have unstructured data in common. Therefore, the most appropriate attribute of Amazon DynamoDB is its flexible data model and single-digit millisecond latency.
Which of the following features of Amazon RDS allows for better availability of databases? Choose the answer from the options given below. A. VPC Peering B. Multi-AZ C. Read Replicas D. Data Encryption
B. Multi-AZ The AWS Documentation mentions the following: If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment.
Domain: Billing and Pricing: A "Member AWS account" in an AWS organization (using consolidated billing) wants to receive a cost breakdown report (product-wise daily report) so that the analysis of cost and usage could be done. Where can this report be configured to be delivered? A. S3 bucket owned by the member account B. S3 bucket owned by the master account C. AWS Management Console D. Amazon Athena
B. S3 bucket owned by the master account As the consolidated billing feature is being used in AWS organizations, the S3 bucket where the report could be configured to be received should be owned by the master account in the organization. Billing reports cannot be received in S3 buckets owned by member accounts. The report delivered to the S3 bucket owned by the master account could be ingested to Amazon Athena. After that , the data in the S3 bucket can be analyzed using standard SQL queries. AWS Management Console is a centralized management and governance console for all the AWS products.
Your organization is planning to migrate to AWS but the management is concerned about the cost and initial investment needed. Which of the following features of AWS pricing would help you firm to lower the initial investment required for the AWS migration? (Select 3 Options) A. The availability to choose the lowest cost vendor B. The ability to pay as you go C. No upfront costs D. Discounts on payments
B. The ability to pay as you go C. No upfront costs D. Discounts on payments The best features of AWS that make migration reliable are: 1. No upfront costs 2. The ability to pay as you go where the customer only pays for the resources used
A startup company that works on social media apps development would like to grant freelance developers temporary access to its Lambda functions setup on AWS. These developers would be signing-in via Facebook authentication. Which service is the most appropriate to grant secure access? A. Create user credentials using Identity Access Management (IAM) B. Use Amazon Congnito for web-identity federation C. Create temporary access roles using IAM D. Use a third-party web ID, federated access provider
B. Use Amazon Congnito for web-identity federation Amazon Cognito web identity federation service acts as a broker that allows authenticated users to access AWS resources. After successful authentication on platforms such as Facebook, LinkedIn, or Google Mail, users receive temporary authentication code from Amazon Cognito, thereby gain temporary access.
You have an application developed in .NET. This application works with the S3 buckets in a particular region. The application is hosted on an EC2 instance. Which of the following should ideally be used to ensure that the EC2 instance has the appropriate access to the S3 buckets? A. AWS Users B. AWS Groups C. AWS IAM Roles D. AWS IAM Policies
C. AWS IAM Roles The AWS Documentation mentions the following: You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources.
Domain: Cloud Concepts What is the concept of an AWS Region? A. It is a collection of Edge Locations B. It is a collection of Compute capacity C. It is a geographical area divided into Availability Zones D. It is the same as an Availability Zone
C. It is a geographical area divided into Availability Zones A Region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.
Which of the following security requirements are managed by AWS? Select 3 answers from the options given below. A. Password Policies B. User Permissions C. Physical Security D. Disk Disposal E. Hardware Patching
C. Physical Security D. Disk Disposal E. Hardware Patching As per the Shared Responsibility Model, the Patching of the underlying hardware and physical security of AWS resources is the responsibility of AWS. https://aws.amazon.com/compliance/shared-responsibility-model/ Disk Disposal - Storage Device Decommissioning: When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual") or NIST 800-88 ("Guidelines for Media Sanitation") to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
Domain: Security A web administrator maintains several public and private web-based resources for an organization. Which service can they use to keep track of the expiry dates of SSL/TLS certificates as well as updating and renewal? A. AWS Data Lifecycle Manager B. AWS License Manager C. AWS Firewall Manager D. AWS Certificate Manager
D. AWS Certificate Manager The AWS Certificate Manager allows the web administrator to maintain one or several SSL/TLS certificates, both private and public certificates including their update and renewal so that the administrator does not worry about the imminent expiry of certificates.
Domain: Cloud Concepts An organization has a persistently high amount of throughput. It requires connectivity with no jitter and very low latency between its on-premise infrastructure and its AWS cloud build to support live streaming and real-time services. What is the MOST appropriate solution to meet this requirement? A. AWS Data Streams B. AWS Kinesis C. Kinesis Data Firehouse D. AWS Direct Connect
D. AWS Direct Connect AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from the organization's premises to AWS. The service provides a dedicated network connection with one of the AWS Direct Connect locations. It makes it possible to guarantee high bandwidth and very low latency connectivity.
Domain: Billing and Pricing Which of the following tools can be used to create an estimated cost for a new solution to be deployed on AWS cloud infrastructure? A. AWS Cost and Usage Report B. AWS Budgets C. AWS Cost Explorer D. AWS Pricing Calculator
D. AWS Pricing Calculator AWS Pricing Calculator helps create estimated usage costs for all resources to be deployed on AWS Cloud Infrastructure.
A website for an international sports governing body would like to serve its content to viewers from different parts of the world in their vernacular language. Which is the most suitable service that will allow different language versions of the same website to be served? A. Amazon CloudFront B. Content Delivery Network (CDN) C. Amazon LightSail D. Amazon Route53
D. Amazon Route53 In Amazon Route53, the geolocation routing policy allows for different resources to serve content based on the origin of the request. This, in turn, makes it possible in the scenario for different versions of the website to be served.
A cloud solutions architect needs to execute urgent mission-critical tasks on the AWS Management Console. But, he has left his Windows-based machine at home. Given that only Non-Graphical User Interface (non-GUI) Linux-based machines are currently available, what would be the most secure options to administer these tasks on the cloud infrastructure? A. Share the AWS Management Console credentials with the person at home or over the phone to execute the tasks on his behalf B. Use third-party remote desktop software to access the Windows-based machine at home from the non-GUI workstations and administer the required tasks C. Use Secure Shell (SSH) to securely connect to the Windows-based machine from one of the non-GUI Linux-based machines and log onto the AWS Management Console D. Install and run AWS CLI on one of the non-GUI Linux-based machines, in a shell environment, such as Bash. The cloud solutions architect will be able to access ALL services just as they can also be accessed from a Windows-based machine
D. Install and run AWS CLI on one of the non-GUI Linux-based machines, in a shell environment, such as Bash. The cloud solutions architect will be able to access ALL services just as they can also be accessed from a Windows-based machine. AWS Command Line Interface (AWS CLI) is an open-source tool that enables access and interaction with AWS services using commands in the command-line shell. With minimal configuration, the cloud solutions architect would start using the functionality equivalent to that provided by the browser-based AWS Management Console from the command prompt in a terminal program such as bash.
Which of the following accurately describes a typical use case in which the AWS CodePipeline service can be utilized? A. To compose code in an integrated development environment that enables developers to run, test, and debug components of a dynamic microservice B. To compile and deploy a microservice onto Amazon EC2 instances or AWS Lambda functions C. To securely share code, collaborate on source code, version control, and store binaries on an AWS fully-managed platform that scales seamlessly D. To orchestrate and automate the various phases involved in the release of application updates in-line with a predefined release model
D. To orchestrate and automate the various phases involved in the release of application updates in-line with a predefined release model. The question is looking for a typical use case for AWS CodePipeline. Option D is the most appropriate because AWS CodePipeline is typically utilized when orchestrating and automating the various phases involved in the release of application updates in-line with a release model that the developer defines.
An administrator needs to manage access to specific AWS services for many IAM users and IAM groups in various operational departments. Which of the following is the most appropriate AWS service for an administrator to utilize? a. AWS Service Catalog b. IAM Roles c. IAM Policies d. AWS Organizations
a. AWS Service Catalog Correct Answer: A AWS Service Catalog is ideal in organizing, governing, distributing, and provisioning application stacks on AWS. These application stacks, called products, are created using AWS CloudFormation templates and can be grouped together to form portfolios. The administrator can then apply permissions and constraints for users and user groups to enable access to these products in a self-service manner.
The project team requires an AWS service that provides a filesystem simultaneously mounted from different instances for EC2. Which AWS service will satisfy this requirement? a. Amazon EFS b. Amazon S3 c. Amazon EBS d. Amazon FSx for Windows File Server
a. Amazon EFS Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. You can access your file systems across AZs and regions. You can also share files between thousands of Amazon EC2 instances and on-premise servers via AWS Direct Connect or AWS VPN.
Which pillar of the AWS Well-Architected Framework places emphasis on making informed decisions on the backgrop of processed data? a. Performance Efficiency Pillar b. BigData Management and Operations Pillar c. Information and Reliability Pillar d. Operational Excellence Pillar
a. Performance Efficiency Pillar Option A is CORRECT. The Performance Efficiency Pillar is one of the five AWS Well-Architected Framework pillars. Under this pillar, the focus is on the use of collected data, computing resources, and performance metrics to accurately meet the system's requirements. This extends to making informed decisions that improve the efficiency of the organization's implemented system within the AWS environment and meet the demands of technological evolution and changes.
Which of the below statements is incorrect with regards to the advantages of moving to cloud? a. Trade variable expense for capital expense b. Stop spending money running and maintaining data centers c. Benefit from massive economies of scale d. Go global in minutes
a. Trade variable expense for capital expense This statement is incorrect. The correct statement is, "Trade capital expense for variable expense".
Most up-to-the-minute information on AWS service availability could be determined from _______________. a. AWS Personal Health Dashboard b. AWS Service Health Dashboard c. Amazon CloudWatch d. AWS Control Tower
b. AWS Service Health Dashboard Option B is CORRECT, as AWS publishes most up-to-the-minute information on AWS service availability here.
An industry regulatory body requires a healthcare insurance company to administer cryptographic key management locally to ensure the safeguarding of sensitive patient data. How can the organization achieve this, given that all their workloads are in the cloud? a. AWS Key Management Service (KMS) b. AWS Certificate Manager (ACM) c. AWS CloudHSM d. Server-Side Encryption (SSE)
c. AWS CloudHSM Option C is CORRECT. AWS CloudHSM allows the administrator to have full and exclusive control over the generation and management of cryptographic keys on actual hardware security modules that are physically stored in AWS data centers.
Project team enhancing the security features of a banking application, requires implementing a threat detection service that continuously monitors malicious activities and unauthorized behaviors to project AWS accounts, workloads, and data stored in Amazon S3. Which AWS services should the project team select? a. AWS Shield b. AWS Firewall Manager c. AWS GuardDuty d. AWS Inspector
c. AWS GuardDuty Option C is CORRECT. Amazon GuardDuty is a threat detection service that continuously monitors malicious activities and unauthorized behaviors to protect your AWS accounts, workloads, and data stored in Amazon S3.
Which of the following support plans offer 24/7 technical support via phone, email, and chat access to Cloud Support Engineers? (Select TWO) a. Basic b. Developer c. Business d. Premium e. Enterprise
c. Business e. Enterprise 24/7 technical support via phone, email, and chat access to Cloud Support Engineers is available in the Business and Enterprise plans
Following the AWS Well-Architected Framework, how should a start-up company with a dynamic AWS environment manage their users? Choose TWO respnoses. a. Create multiple unique IAM users with administrator access for each functional group of the company b. Use of AWS CloudFront template versions and revision controls to keep track of the dynamic configuration changes c. Use of AWS Organizations with respective OUs that differentiate billing across the company's functions d. Implement the most stringent security measures on the VPC-edge rather than on the resource hosts e. Provisioning of resources and compute capacity that accommodates future growth
c. Use of AWS Organizations with respective OUs that differentiate billing across the company's functions d. Implement the most stringent security measures on the VPC-edge rather than on the resource hosts Options C and D are CORRECT. Under the Cost and Optimization pillar, a focal area is the analysis of cost-centers within the AWS environment and how they are distributed within functional groups or departments of the company. Streamlining cost areas. Composite billing into a single account in an AWS Organization is undesirable as it makes this aspect. To align with the AWS Well-Architected Framework Security Pillar, it is advantageous to filter unwanted traffic at VPC-edge rather than on the hosts. It is a best practice to drop undesirable packets before they enter the AWS environment.
During an internal audit exercise, auditors have requested the administrator to provide granular billing data for the main AWS account. The requirement is for the amount that a particular service accrued in an hour on the third day of a billing month. Can this information be obtained? a. Yes, by querying the Cost Explorer service with Billing and Cost Management b. No, it is not possible to obtain the information on an hourly basis in the Cost and Usage Report c. Yes, the administrator can obtain the information in the Cost and Usage Report d. Yes, the administrator can query CloudTrail on the day in question and infer the data against Cost Explorer
c. Yes, the administrator can obtain the information in the Cost and Usage Report Option C is CORRECT. The AWS Cost and Usage Report (CUR) service within Billing and Cost Management provides comprehensive billing data to the required level of detail - of incurred cost per service per hour on a specific date. This level of granularity is also possible with the Detailed Billing Reports (DBR) which will contain the same information, but with different permutations of the data.
The developers in the operations department want to use an IDE to run, test, and debug code for Lambda functions. Which AWS service is the most appropriate? a. AWS Lambda b. AWS CodeDeploy c. AWS CodeCommit d. AWS Cloud9
d. AWS Cloud9 Correct Answer: D The AWS Cloud9 service is the most approprate service to utilize on the given options to write code, typically for the components of microservices as well as run, test, and debug the code. AWS Cloud9 IDE is accessed via the web browser and has a customizable interface to suit the developer's preferred runtime and other preferences.
Which AWS product provides a unified user interface, enabling easy management of software development activities in one place, along with quick development, build, and deployment of applications on AWS? a. Amazon CodeGuru b. AWS CodeBuild c. AWS CodeArtifact d. AWS CodeStar
d. AWS CodeStar Option D is CORRECT. AWS CodeStar enables you to develop, build, and deploy applications on AWS quickly. AWS CodeStar provides a unified user interface, enabling you to manage your software development activities in one place easily.
Which of the below listed scenarios is not suitable for using the resource group for grouping resources? a. An application that has different phases, such as development, staging, and production b. A set of resources related to applications that run on a specific platform, such as Android or IOS c. Project managed by multiple departments or individuals d. AWS resources that are being used for different projects and are unrelated
d. AWS resources that are being used for different projects and are unrelated Option D is CORRECT as usage of resource groups would not be suitable
A start-up organization is using the cost explorer tool to view and analyze its costs and usages. which of the below statements are correct with regards to the cost explorer tool? (Select 2) a. Data is available for up to the last 24 months b. Provides forecast of the likely spend for the next six months c. Spot Instances to purchase are recommended d. Identifies areas that need further inquiry e. Provides trends that you can use to understand your costs
d. Identifies areas that need further inquiry e. Provides trends that you can use to understand your costs
An administrator would like to install and run the same CloudWatch Agent configuration on ten Amazon EC2 instances to collect custom metrics from them. What is the most efficient method to achieve this objective? a. Install a third-party deployment and automation application on one of the EC2 instances and then roll-out the CloudWatch Agent configuration onto the other nine EC2 instances b. Configure a single script with all the desired parameters for the CloudWatch Agent and then run it on each of the ten EC2 instances c. Install and configure AWS Systems Manager (SSM) on one of the EC2 instances, then configure CloudWatch Agent. The CloudWatch Agent configuration will then be rolled out to the nince EC2 instances using SSM. d. Install and configure the CloudWatch Agent on one of the EC2 instances, then write the CloudWatch Agent configuration to the parameter store of AWS Systems Manager (SSM). Install the CloudWatch Agent configuration from SSM onto the other nine EC2 instances
d. Install and configure the CloudWatch Agent on one of the EC2 instances, then write the CloudWatch Agent configuration to the parameter store of AWS Systems Manager (SSM). Install the CloudWatch Agent configuration from SSM onto the other nine EC2 instances. Correct Answer: D AWS Systems Manager (SSM) makes it possible to 'Run Command' to EC2 instances with the appropriate IAM role. In this case, the most efficient method for the administrator to achieve the objective is to configure the appropriate IAM role for the initial EC2. That will allow SSM to install the CloudWatch Agent. Once the CloudWatch Agent has been configured, the configuration can then be saved to the parameter store in SSM from where the other nine instances can be configured simultaneously.
Domain: Technology To maximize user satisfaction, you are asked to improve the performance of the application for local and global users. As part of the initiative, you must monitor the application endpoint health and route traffic to the most appropriate application endpoint. Which service will you prefer to use? A. Amazon Global Accelerator B. Amazon DAX Accelerator C. Amazon S3 Transfer Acceleration D. AWS Direct Connect
A. Amazon Global Accelerator AWS Global Accelerator is a networking service that utilizes AWS global network to optimize the "user to application" path. The performance benefits realized by the use of the Global Accelerator can be tested using a speed comparison tool provided by AWS. Global Accelerater differs from S3 Transfer Acceleration and DynamoDB accelerator. S3 Transfer Acceleration accelerates the transfers of files to the S3 bucket by utilizing edge locations. Fully managed DynamoDB Accelerator (DAX) is highly available in-memory cache for DynamoDB.
Domain: Security You company is planning to host a large e-commerce application on the AWS cloud. One of their major concerns is Internet attacks, such as DDoS attacks. Which of the following services can help mitigate this concern? Choose 2 answers from the options given below. A. CloudFront B. AWS Shield C. AWS EC2 D. AWS Config
A. CloudFront B. AWS Shield AWS offers globally distributed, high network bandwidth and resilient services that, when used in conjunction with application-specific strategies, are key to mitigating DDoS attacks.
Domain: Billing and Pricing Which of the following are attributes that determine the cost of On-Demand EC2 instances? Choose 3 answers from the options given below. A. Instance Type B. AMI Type C. Region D. Edge Location
A. Instance Type B. AMI Type C. Region
Domain: Technology What is the value of having AWS cloud services accessible through an Application Programming Interface (API)? A. It allows developers to work with AWS resources programmatically B. AWS resources will always be cost-optimized C. All application testing can be managed by AWS D. Customer-owned, on-premise infrastructure becomes programmable
A. It allows developers to work with AWS resources programmatically
Your development team is planning to host a development environment in the cloud. This consists of EC2 and RDS instances. This environment will probably only be required for 2 months. Which types of instances would you use for this purpose? A. On-Demand B. Spot C. Reserved D. Dedicated Hosts
A. On-Demand The best and cost effective option would be to use On-Demand Instances. The AWS documentation gives the following additional information on On-Demand EC2 Instances. With On-Demand instances, you only pay for EC2 instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.
Which statements regarding VPC Peering is accurate? Select TWO A. Two VPCs in different AWS Regions and under separate AWS accounts can share traffic between each other B. For VPC Peering to work, each VPC should have a public subnet C. In VPC Peering, it is possible for traffic from one VPC to traverse through a transit VPC in order to reach a third one D. Traffic between VPC peers in different AWS Regions is not encrypted by default E. VPC Peering can be used to replicate data to geographically distinct locations for fault-tolerance, disaster recovery, and redundancy
A. Two VPCs in different AWS Regions and under separate AWS accounts can share traffic between each other. E. VPC Peering can be used to replicate data to geographically distinct locations for fault-tolerance, disaster recovery, and redundancy. VPC Peering can be established between VPCs in different AWS Regions and separate AWS accounts. The logical networks still use the same common AWS backbone network infrastructure to communicate. By utilizing this infrastructure, VPC Peering makes it possible to securely store mission-critical data to geographically distinct locations for fault-tolerance, disaster recover, and redundancy.
Which of the following statements best describes the AWS Personal Health Dashboard? (Select TWO) A. A concise representation of the general status of AWS services B. User-specific view on the availability and performance of AWS services, underlying their AWS resources C. A service that prompts the user with alerts and notifications on AWS scheduled activities, pending issues, and planned changes D. A minute-by-minute update of system outages and service errors on the AWS global infrastructure E. A rolling log of all service interruptions across the AWS network and records of incidents persistent for a year
B. User-specific view on the availability and performance of AWS services, underlying their AWS resources C. A service that prompts the user with alerts and notifications on AWS scheduled activities, pending issues, and planned changes The Personal Health Dashboard is a tool that shows the status of AWS services running the user-specific resources. It is a graphical representation that sends alerts, notifications of any personal pending issues, planned changes, and scheduled activities.
An administrator is looking to run their cloud infrastructure along best practice guidelines leveraging Amazon Inspector and AWS Trusted Advisor services. Which of the following statements correctly describes how this can be done? (Select TWO) A. Running Amazon Inspector service to provide and protect cloud infrastructure from threats regularly B. Adhering to the recommendations given in the main pillars of AWS Trusted Advisor, which are cost optimization, security, performance, fault-tolerance, and service limits C. Regularly running Amazon Inspector service on EC2 instances to get a concise list of security vulnerabilities and exposures to attack. D. AWS Trusted Advisor will highlight pending tasks to be resolved in only performance and cost optimization best practices whilst Amazon Inspector will alert the administrator of security vulnerabilities E. Amazon Inspector will highlight pending tasks to be resolved in only performance and cost optimization best practices whilst Amazon Inspector will alert the administrator of security vulnerabilities
C. Regularly running Amazon Inspector service on EC2 instances to get a concise list of security vulnerabilities and exposures to attack. D. AWS Trusted Advisor will highlight pending tasks to be resolved in only performance and cost optimization best practices whilst Amazon Inspector will alert the administrator of security vulnerabilities Amazon Inspector will asses AWS provisioned infrastructure for compliance and security vulnerabilities. AWS Trusted Advisor will provide real-time guidelines in best practice implementation and maintenance of AWS resources.
Domain: Billing and Pricing When using On-Demand instances in AWS, which of the following is a false statement when it comes to the costing for the instance? A. You pay no upfront costs for the instance B. You are charged per second based on the hourly rate C. You have to pay the termination fees if you terminate the instance D. You pay for as much as you use
C. You have to pay the termination fees if you terminate the instance You don't need to pay any termination fees when it comes to EC2 Instances.
Domain: Cloud Concepts In the AWS Environment, what is the difference between metadata and user data? a. Metadata is data about data, be it for a metric in CloudWatch or EC2 instance, whereas, user data is the information stored and generated by AWS customers b. Instance metadata are the defined parameters and attributes specified in instance configuration, whilst user data is information passed to the instance's operating system to automatically execute during boot time. c. User data is information generated by AWS customers within their AWS environment whereas metadata is the information accumulated against the respective AWS monitoring and performance services d. Instance metadata is static, it cannot be altered once it has been defined, whilst user data is information generated by AWS customers with their AWS environment which they are responsible for safeguarding
b. Instance metadata are the defined parameters and attributes specified in instance configuration, whilst user data is information passed to the instance's operating system to automatically execute during boot time. Correct Answer: B Instance metadata is the defined parameters and attributes specified in instance configuration. These parameters and attributes can include instance type (e.g., t2 micro) or storage type and size (e.g. EBS volume, 128 Gigabytes). User data is information that is passed to the instance's operating system to automatically execute during boot time. This can be to install or update a certain application software. On an instance running Linux operating system, this can be in the form of a bash script written in plaintext.