AWS Certified Cloud Practitioner - Course Questions


CloudFormation and Elastic Beanstalk are free to use.

TRUE CloudFormation and Elastic Beanstalk are free to use, but you do pay for the resources created.

Which of the following is an exabytes-scale data moving service in or out of AWS?

Snowmobile Snowmobile is used to move exabytes of data in or out of AWS (1 EB=1,000 PBs=1,000,000 TBs).

EBS Snapshots are an added cost in GB per month.

True The data storage added by EBS Snapshots is an added cost, in GB per month, on top of EBS pricing. Other EBS pricing factors are: Volume type, Provisioned storage volume, IOPS, etc.

You would like to connect hundreds of VPCs and your on-premises data centers together. Which AWS service allows you to link all these together efficiently?

Transit Gateway Transit Gateway connects thousands of VPCs and on-premises networks together in a single gateway.

A company would like to convert its documents into different languages, with natural and accurate wording. What should they use?

Translate Amazon Translate is a neural machine translation service that delivers fast, high-quality, and affordable language translation.

Which of the following is NOT an Auto Scaling Strategy?

Active Scaling This is not a scaling strategy. Auto Scaling Strategies include: Manual Scaling, Dynamic Scaling (Simple/Step Scaling, Target Tracking Scaling, Scheduled Scaling), and Predictive Scaling.

A company would like to create 3D applications for its customers. Which AWS service can it use?

Amazon Sumerian Amazon Sumerian is a managed service that lets you create and run 3D, Augmented Reality (AR) and Virtual Reality (VR) applications. You can build immersive and interactive scenes that run on AR and VR, mobile devices, and your web browser.

How long can you reserve an EC2 Reserved Instance?

1 or 3 years 1 year or 3 years terms are available for EC2 Reserved Instances.

Five Characteristics of Cloud Computing

1. On-demand self service 2. Broad network access 3. Resource pooling 4. Rapid elasticity 5. Measured service

Which fully managed service can deliver highly accurate forecasts?

Forecast

According to the Shared Responsibility Model, who is responsible for Patch Management?

AWS and the customer AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Shared Controls also includes Configuration Management, and Awareness and Training.

Which AWS serverless service can be used by developers to create APIs?

API Gateway Amazon API Gateway is a fully managed serverless service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

Which of the following is NOT an AWS Partner Network (APN) type?

APN Service Partners This is a distractor. This type of AWS Partner Network does not exist. It is made up with words related to the AWS Partner Network.

Where can you find a third party's AMI so you can use it to launch your EC2 Instance?

AWS Marketplace AMIs You can use AWS Marketplace AMIs to use someone else's AMI.

What are Objects NOT composed of?

Access Keys Access Keys are used to sign programmatic requests to the AWS CLI or AWS API. Objects are composed of key, value, tags, version ID, and Metadata

Which of the following actions does NOT require the root user?

Access the billing dashboard This is an action that does not require the root user. By default, only the root user can access the billing dashboard, but you can attach a policy to an IAM user for it to access the billing dashboard

What is an EBS Volume tied to?

An availability zone EBS Volumes are tied to only one availability zone.

You would like to access desktop applications through a browser. Which AWS service would you use?

AppStream 2.0 Amazon AppStream 2.0 is a fully managed non-persistent application and desktop streaming service that provides users instant access to their desktop applications from anywhere.

Which Load Balancer is best suited for HTTP/HTTPS load balancing traffic?

Application Load Balancer Application Load Balancers are used for HTTP and HTTPS load balancing. They are the best-suited for this kind of traffic.

What is the main purpose of High Availability in the Cloud?

Applications thriving in case of a disaster High Availability means applications running at least in two AZs to survive a data center loss.

Where can you find on-demand access to AWS compliance documentation and AWS agreements?

Artifact AWS Artifact is your go-to, central resource for compliance-related information that matters to you.

Under the shared responsibility model, what is the customer responsible for in IAM?

Assigning users proper IAM Policies Customers are responsible for defining and using IAM policies.

Which AWS service is always serverless and has SQL capabilities?

Athena Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

Which of the following statements is NOT a feature of Load Balancers?

Back-end autoscaling Load Balancers cannot help with back-end autoscaling. You should use Auto Scaling Groups.

Which of the following options is NOT a vertical scaling limit?

Better fault tolerance This is an advantage of horizontal scaling.

Where are objects stored in Amazon S3?

Buckets Buckets (folders) store objects (files) in Amazon S3

What is the declaration of the AWS resources that make up a stack called?

CloudFormation AWS CloudFormation templates are JSON or YAML-formatted text files. They are declarations of the AWS resources that make up a stack.

What does AWS CloudFront use to improve read performance?

Caching Content in Edge Locations CloudFront uses Edge Locations to cache content, and therefore bring more of your content closer to your viewers to improve read performance.

A company would like to secure network communications using SSL & TLS certificates. Which AWS service can it use?

Certificate Manager (ACM) AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

A developer would like to deploy infrastructure on AWS but only knows Python. Which AWS service can assist him?

Cloud Development Kit (CDK) The AWS Cloud Development Kit (AWS CDK) is an open source software development framework to define your cloud application resources using familiar programming languages.

A new startup would like an online integrated development environment (IDE) to write, run, and debug code. Which AWS service can help with this task?

Cloud9 AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.

Which of the following allows you to deploy any AWS Infrastructure as Code?

CloudFormation AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. It allows you to deploy Infrastructure as Code.

Which AWS service is the key to Operational Excellence?

CloudFormation CloudFormation is a key service to Operational Excellence as it prepares, operates, and evolves, but also performs operations as code

Which service allows you to inspect, audit, and record events and API calls made within your AWS account?

CloudTrail AWS CloudTrail is a web service that records activity made on your account and delivers log files to your Amazon S3 bucket. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

Which of the following options can provide up to 66% discount compared to On-demand for a commitment to a consistent amount of usage for 1 or 3 years and offers the possibility to change EC2 instances family type?

Compute Savings Plans Compute Savings Plans provide the most flexibility and help to reduce your costs by up to 66% in exchange for a commitment to a consistent amount of usage for a 1 or 3 year term. These plans automatically apply to EC2 instance usage regardless of instance family, size, AZ, region, OS or tenancy, and also apply to Fargate or Lambda usage.

Which are the 3 pricing fundamentals of the AWS Cloud?

Compute, Storage, and data transfer OUT OF the AWS Cloud are the 3 pricing fundamentals of the AWS Cloud.

You want to record configurations and changes over time. Which service allows you to do this?

Config AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

AWS Cost Explorer and AWS Trusted Advisor are example services of which Well-Architected Framework pillar?

Cost Optimization AWS Cost Explorer and AWS Trusted Advisor are examples of Cost Optimization services. The pillar also includes AWS Budgets, Cost and Usage Reports, etc.

Data sitting on an RDS instance would be referred to as?

Data at rest Data at rest means data stored or archived on a device.

Which of the following is NOT a pricing factor in S3?

Data transfer into S3 Inbound data transfer in the S3 region is free.

Which AWS service can be used to test your application across real desktop browsers and mobile devices?

Device Farm AWS Device Farm is an application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices; without having to provision and manage any testing infrastructure.

Which exclusive DynamoDB feature is an in-memory cache that can improve your performance up to 10x?

DynamoDB Accelerator Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for Amazon DynamoDB that delivers up to a 10 times performance improvement—from milliseconds to microseconds—even at millions of requests per second.

DynamoDB

DynamoDB is a fast and flexible non-relational database service for any scale. It is serverless but does not have SQL capabilities

Which service is referred to as a Platform as a Service (PaaS)?

Elastic Beanstalk Elastic Beanstalk is a Platform as a Service (PaaS). You only manage data and applications. AWS Elastic Beanstalk makes it even easier for developers to quickly deploy and manage applications in the AWS Cloud

Where should you store your private Docker images so they can be run by ECS or Fargate?

Elastic Container Registry Elastic Container Registry (ECR) is a service where you store your Docker images so they can be run by ECS or Fargate.

You would like to convert an S3 file so it can be played on users' devices. Which AWS service can help?

Elastic Transcoder Amazon Elastic Transcoder is media transcoding in the cloud. It is used to convert media files from their source format into versions that will play back on devices like smartphones, tablets, and PCs.

Which of the following is a fully managed native Microsoft Windows file system?

FSx Amazon FSx makes it easy and cost effective to launch and run popular file systems that are fully managed by AWS. It comes in two offerings: FSx for Windows File Server (used for business applications), and FSx for Lustre (used for high-performance computing).

You can perform any kind of penetration testing on any AWS service without prior approval.

False Penetration Testing is allowed without prior approval on 8 services. DDoS, port flooding and protocol flooding are examples of prohibited activities.

Testing recovery procedures, stopping guessing capacity, and managing changes in automation are design principles of Performance Efficiency.

False Testing recovery procedures, stopping guessing capacity, and managing changes in automation are design principles of Reliability. Performance Efficiency design principles include: democratize advanced technologies, go global in minutes, use serverless architecture, experiment more often, mechanical sympathy.

AWS Trusted Advisor can provide guidance against the 5 Well-Architected pillars and architectural best practices.

False The AWS Well-Architected Tool helps you review the state of your workloads and compares them to the latest AWS architectural best practices. It is based on the 5 pillars of the Well-Architected Framework (Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization). AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices (Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits).

When you reserve, the larger the upfront payment, the smaller the discount.

False, the larger the upfront, the bigger the discount When the upfront payment is higher, the discount is bigger.

You would like a serverless service to launch Docker containers with no infrastructure to provision. Which AWS service should you use?

Fargate Fargate allows you to launch Docker containers on AWS, and you don't need to provision and maintain the infrastructure (=no EC2 instances to manage). It is serverless.

You would like to use a serverless service to prepare data so it can be loaded for analytics. Which service would you use?

Glue AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.

Which of the following are design principles of Performance Efficiency?

Go global in minutes & experiment more often Performance Efficiency design principles include: democratize advanced technologies, go global in minutes, use serverless architecture, experiment more often, mechanical sympathy.

Which principle should you apply regarding IAM Permissions?

Grant least privilege That's right! Don't give more permissions than the user needs.

Your VPC needs to connect with the Internet. Which VPC component can help?

Internet Gateway An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

Which AWS service is serverless and lets you connect billions of devices to the AWS Cloud?

IoT Core AWS IoT Core lets you securely connect IoT devices to the AWS Cloud and other devices without the need to provision or manage servers.

Which statement is CORRECT regarding EC2 Instance Store?

It has a better I/O performance, but the data is lost if the EC2 Instance is terminated EC2 Instance Store has a better I/O performance, but data is lost if: the EC2 instance is stopped or terminated, or when the underlying disk drive fails.

A developer would like to build, train, and deploy a machine learning model quickly. Which service can he use?

SageMaker Amazon SageMaker is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.

Which of the following statements is NOT a reason for a global application?

Scale elastically on demand A global application is not specifically used to scale elastically on demand. You can use Auto Scaling Groups for example if you want to elastically scale based on demand.

Which AWS service's ONLY role is to safeguard running applications from DDoS attacks?

Shield Shield is only used to safeguard running applications from DDoS attacks.

Which of the following statements is TRUE?

The AWS CLI can interact with AWS using commands in your command-line shell, while the AWS SDK can interact with AWS programmatically.

With which services does CloudFront integrate to protect against web attacks?

WAF & Shield You can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a distributed denial of service (DDoS) attack. For additional protection against DDoS attacks, AWS also provides AWS Shield Standard and AWS Shield Advanced.

Which service is optimized to deploy ultra-low latency applications to 5G devices?

Wavelength AWS Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications. Wavelength combines the high bandwidth and ultra-low latency of 5G networks with AWS compute and storage services to enable developers to innovate and build a whole new class of applications.

If a resource is deleted in AWS, which service should you use to investigate first?

CloudTrail CloudTrail can record the history of events/API calls made within your AWS account, which will help determine who or what deleted the resource. You should investigate it first.

Which cloud monitoring feature can you use to detect unusual activity in your account such as inaccurate resource provisioning or hitting service limits?

CloudTrail Insights AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.

You need to set up metrics monitoring for every service in AWS. Which service would you use?

CloudWatch Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.

Which CloudWatch feature would you use to trigger notifications when a metric reaches a threshold you specify?

CloudWatch Alarms The CloudWatch Alarms feature allows you to watch CloudWatch metrics and to receive notifications when the metrics fall outside of the levels (high or low thresholds) that you configure.

Which of the following services can a developer use to store code dependencies?

CodeArtifact AWS CodeArtifact is a fully managed artifact repository (also called code dependencies) service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process.

Which serverless service can be used to build code and run tests?

CodeBuild AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don't need to provision, manage, and scale your own build servers, it is serverless.

Which AWS service automatically analyzes code and provides performance recommendations?

CodeGuru

Which service is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?

GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

Which answer is INCORRECT regarding IAM Users?

IAM Users access AWS with the root account credentials IAM Users access AWS using a username and a password.

Which services are free to use in AWS?

IAM, VPC, Consolidated Billing, and Elastic Beanstalk These services are free to use. Be careful, the resources created in Elastic Beanstalk (as well as in CloudFormation and Auto Scaling Groups) are not free.

You would like to migrate databases to AWS while still being able to use the database during the migration. What service allows you to do this?

Database Migration Service (DMS) AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database.

Which of the following statements is NOT a feature of AWS Lambda?

Definition of a minimum and a maximum of EC2 Instances running This is a feature of Auto Scaling Groups, not AWS Lambda. The other options: Integration with the whole AWS suite of services; Virtual functions; Automated and continuous scaling.

Which of the following services can you use to discover and protect your sensitive data in AWS?

Macie Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS, such as personally identifiable information (PII) or intellectual property. This was discussed in Lecture 193: Macie Overview

You want to create a decentralized blockchain on AWS. Which AWS service would you use?

Managed Blockchain Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using the popular open source frameworks Hyperledger Fabric and Ethereum. It allows multiple parties to execute transactions without the need of a trusted, central authority.

A company would like to implement a chatbot that will convert speech-to-text and recognize the customers' intentions. What service should it use?

Lex

Which type of firewall has both ALLOW and DENY rules and operates at the subnet level?

Network Access Control List (NACL) A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They have both ALLOW and DENY rules.

Which AWS service provides alerts and remediation guidance when AWS is experiencing events that may impact you?

Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

A start-up would like to rapidly create customized user experiences. Which AWS service can help?

Personalize Amazon Personalize is a machine learning service that makes it easy for developers to create individualized recommendations for customers using their applications.

Which RDS pricing option is the most cost-effective if you need capacity for 3 years?

Reserved Instances Reserved Instances are good and more cost-effective (up to 69% discount compared to On-demand pricing, depending on the upfront) for long workloads. You can reserve instances for 1 or 3 years in RDS.

Which AWS service is an immutable ledger database?

QLDB Amazon QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. Amazon QLDB tracks each and every application data change and maintains a complete and verifiable history of changes over time.

Which pricing model allows you to minimize risks, predictably manage budgets, and comply with long-term requirements, and is available for EC2, DynamoDB, ElastiCache, RDS, and Redshift?

Save when you reserve Reservations are available for EC2 Reserved Instances, DynamoDB Reserved Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved Nodes. Reservations allow you to minimize risks, predictably manage budgets and comply with long-term requirements.

You need a logically isolated section of AWS, where you can launch AWS resources in a private network that you define. What should you use?

A VPC A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.

How would you describe Amazon CloudWatch Logs?

A single, highly scalable service that centralizes the logs from all of your systems, applications, and AWS services that you use You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.

Which service can be used to run AWS infrastructure and services on-premises for a hybrid cloud architecture?

AWS Outposts AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.

A company needs to have a private, secure, and fast connection between its on-premises data centers and the AWS Cloud. Which connection should they use?

AWS Direct Connect AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated private network connection from your premises to AWS.

According to the Shared Responsibility Model, who is responsible for protecting hardware?

AWS AWS is responsible for protecting hardware. AWS is responsible for "Security OF the Cloud". AWS is also responsible for the infrastructure that runs all services in the AWS Cloud, etc.

What are AMIs NOT used for?

Add your own IP addresses You cannot use AMIs to add your IP addresses. IP addresses are added to an instance as you create it.

Which AWS service lets you quickly find the root of potential security issues to take faster actions?

Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.

What can you use to handle quickly and automatically the changing load on your websites and applications by adding compute resources?

An Auto Scaling Group Explanation: An Auto Scaling Group (ASG) can automatically and quickly scale-in and scale-out to match the changing load on your applications and websites. NOT: An Elastic Load Balancer which is used to spread the load across downstream instances, not handling quickly and automatically the changing load on your applications and websites.

What is a proper definition of IAM Roles?

An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services Some AWS services will need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.

A research team would like to group articles by topics using Natural Language Processing (NLP). Which service should they use?

Comprehend Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find meaning and insights in text.

Which features are available with Route 53?

Domain Registration, DNS, Health Checks, Routing Policy Route 53 features are (non exhaustive list): Domain Registration, DNS, Health Checks, Routing Policy

CloudEndure Disaster Recovery is used to centrally automate backups across AWS services while AWS Backup is used to quickly and easily recover servers into AWS.

FALSE AWS Backup is a centralized backup service that makes it easy and cost-effective for you to backup your application data across AWS services in the AWS Cloud. CloudEndure Disaster Recovery minimizes downtime and data loss by providing fast, reliable recovery into AWS of your physical, virtual, and cloud-based servers.

CodeStar can orchestrate the different steps to have code automatically pushed to production, while CodePipeline is a unified UI to easily manage software development activities in one place.

FALSE AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodeStar is used to quickly develop, build, and deploy applications on AWS with a unified user interface.

You should use Amazon Transcribe to turn text into lifelike speech using deep learning.

FALSE Amazon Transcribe is an AWS service that makes it easy for customers to convert speech-to-text. Amazon Polly is a service that turns text into lifelike speech.

CloudFront pricing is the same in every geographic region.

FALSE CloudFront pricing is different across different geographic regions.

Auto Scaling in EC2 and DynamoDB are examples of

Horizontal scaling Auto Scaling in EC2 allows you to have the right number of instances to handle the application load. Auto Scaling in DynamoDB automatically adjusts read and write throughput capacity, in response to dynamically changing request volumes, with zero downtime. These are both examples of horizontal scaling.

Which of the following services has a global scope?

IAM IAM is a global service (encompasses all regions).

Which of the following is an IAM Security Tool?

IAM Credentials Report (and Access Advisor) IAM Credentials report lists all your account's users and the status of their various credentials. The other IAM Security Tool is IAM Access Advisor. It shows the service permissions granted to a user and when those services were last accessed.

A company would like to automate security on EC2 instances to assess security and vulnerabilities in these instances. Which AWS service should it use?

Inspector Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances.

Which of the following services is managed by AWS and is used to manage encryption keys?

KMS (Key Management System) AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. It is managed by AWS.

Which of the following services is a document search service powered by machine learning?

Kendra Amazon Kendra is a highly accurate and easy to use enterprise search service that's powered by machine learning.

Which of the following options is NOT a situation where you should contact the AWS Abuse team?

Losing your MFA device This is not a situation where you should contact the AWS Abuse team. The situations where you should contact the AWS Abuse team are: Spam, Port scanning, DoS or DDoS attacks, Intrusion attempts, Hosting objectionable or copyrighted content, Distributing malware.

Your private subnets need to connect to the Internet while still remaining private. Which AWS-managed VPC component allows you to do this?

NAT Gateways NAT Gateways allow your instances in your private subnets to access the Internet while remaining private, and are managed by AWS.

You need to use Chef or Puppet. Which AWS service should you use?

OpsWorks AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.

You are running an on-demand Linux EC2 instance. What timing is applied regarding billing?

Pay per second With Linux EC2 instances, you pay per second of compute capacity. There is also a minimum of 60s of use.

You would like to find objects, people, text, or scenes in images and videos. What AWS service should you use?

Rekognition Amazon Rekognition makes it easy to add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise to use.

Implementing Security Groups, NACLs, KMS, or CloudTrail reflects which Well-Architected Framework Pillar?

Security The Security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Which network security tool can you use to control traffic in and out of EC2 Instances?

Security Groups Security Groups operate at instance level and can control traffic.

You want to centrally automate security checks across several AWS accounts. Which AWS service can you use?

Security Hub AWS Security Hub provides you with a comprehensive view of your security state within AWS and your compliance with security standards and best practices.

What defines the distribution of responsibilities for security in the AWS Cloud?

The Shared Responsibility Model

According to the Shared Responsibility Model, who is responsible for firewall and network configuration for EC2 Instances?

The customer The customer is responsible for firewall and network configuration. Customers are responsible for "Security IN the Cloud". It also includes server-side encryption, client-side data protection, customer data protection, etc.

Which of the following statements is INCORRECT regarding the definition of the term "serverless"?

There are no servers Serverless does not mean that there are no servers; you just do not manage, provision, or see them, but they do exist. Serverless allows you to deploy functions as a service. You don't need to manage servers. Lambda is the serverless pioneer.

Which AWS service makes it easy to convert speech-to-text?

Transcribe Amazon Transcribe is an AWS service that makes it easy for customers to convert speech-to-text.

A company needs two VPCs to communicate with each other. What can they use?

VPC Peering VPC Peering connection is a networking connection between two VPCs using AWS' network.

A company would like to protect its web applications from common web exploits that may affect availability, compromise security, or consume excessive resources. Which AWS service should they use?

Web Application Firewall AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.

Which Route 53 Routing Policies would you use to route traffic to multiple resources in proportions that you specify?

Weighted Routing Policy Weighted Routing Policy is used to route traffic to multiple resources in proportions that you specify.

A hybrid company would like to provision desktops to their employees so they can access securely both the AWS Cloud and their data centers. Which AWS service can help?

WorkSpaces Amazon WorkSpaces is a fully managed, secure cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

Which AWS service helps developers analyze and debug production as well as distributed applications?

X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.

A public subnet is accessible from the Internet while a private subnet is not accessible from the Internet.

Yes A public subnet is accessible from the Internet while a private subnet is not accessible from the Internet.

What is an EBS Snapshot?

A backup of your EBS Volume at a point in time EBS Snapshots are used to backup data on your EBS Volumes at a point in time.

Which AWS service offers easy horizontal scaling of compute capacity?

ASG Auto Scaling Groups (ASG) offer the capacity to scale out and scale in by adding or removing instances based on demand.

Which of the following is NOT an EC2 Instance Purchasing Option?

Connect Instances This EC2 Instance purchasing option does not exist.

Which EC2 Purchasing Option can provide the biggest discount, but is not suitable for critical jobs or databases?

Spot Instances Spot Instances are good for short workloads, but are less reliable.

What hybrid AWS service is used to allow on-premises servers to seamlessly use the AWS Cloud at the storage layer?

Storage Gateway AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

Which relational database is a proprietary technology from AWS and is cloud-optimized?

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. It is a proprietary technology from AWS.

Aurora

Amazon Aurora is a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. It has SQL capabilities but it is not necessarily serverless.

Which S3 Storage Class is the most cost-effective for archiving data with no retrieval time requirement?

Amazon Glacier Deep Archive Amazon Glacier Deep Archive is the most cost-effective option if you want to archive data and do not have a retrieval time requirement. You can retrieve data in 12 or 48 hours.

A complete cloud beginner would like to create a simple application with predictable pricing. What service should this person use?

Amazon Lightsail Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address - for a low, predictable price. It can be used to create a simple web application, a website or a dev/test environment.

Which S3 Storage Class is suitable for less frequently accessed data, but with rapid access when needed, while keeping a high durability and allowing an Availability Zone failure?

Amazon S3 Standard - Infrequent Access Amazon S3 Standard-Infrequent Access allows you to store infrequently accessed data with rapid access when needed. It has high durability and is stored in several Availability Zones to avoid data loss in case of a disaster. It can be used to store data for disaster recovery, backups, etc.

Which of the following statements is INCORRECT regarding Auto Scaling Groups?

Automatically changing the EC2 Instances Types Auto Scaling Groups can add or remove instances, but only of the same type. They cannot change the EC2 Instance Types on the fly.

Which Global Infrastructure identity is composed of one or more discrete data centers with redundant power, networking, and connectivity, and are used to deploy infrastructure?

Availability Zones

A company needs to run thousands of jobs but would like to NOT manage the compute resources. What service can it use?

Batch AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory-optimized instances) based on the volume and specific resource requirements of the batch jobs submitted.

Which of the following options is NOT a point of consideration when choosing an AWS Region?

Capacity availability Capacity is unlimited in the cloud, you do not need to worry about it. The 4 points of considerations when choosing an AWS Region are: (1) Compliance with data governance and legal requirements, (2) proximity to customers, (3) available services and features within a Region, and (4) pricing.

Regions

Cluster of data centers. Consider compliance, proximity, available services, and pricing when choosing a region.

A developer team would like to collaborate on code with versioning support. Which AWS service can help the developers?

CodeCommit AWS CodeCommit is a secure, highly scalable, managed source control service that makes it easier for teams to collaborate on code. It also provides software version control.

Which AWS managed service allows you to automate software deployments to a hybrid mix of EC2 Instances and On-Premises servers?

CodeDeploy AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises.

A company would like to deploy a high-performance computing (HPC) application on EC2. Which EC2 instance type should it choose?

Compute Optimized Compute Optimized EC2 instances are great for compute-intensive workloads requiring high performance processors, such as batch processing, media transcoding, high performance web servers, high performance computing, scientific modeling & machine learning, and dedicated gaming servers.

Which of the following is NOT one of the Five Characteristics of Cloud Computing?

Dedicated Support Agent to help deploy applications

What is the name of the software development platform that allows you to run applications the same way, regardless of where they are run?

Docker is a software development platform that allows you to run applications the same way, regardless of where they are run. It can scale containers up and down within seconds.

A company would like to set up a fully managed MongoDB database. Which AWS database is best-suited for this task?

DocumentDB Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads.

Which of the following is an IAM best practice?

Don't use the root user account You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For everyday and administration tasks, use an IAM user with permissions.

You would like to set up a NoSQL database that can scale with no downtime and can handle millions of requests per second. Which AWS database is best suited for this work?

DynamoDB DynamoDB is a fast and flexible non-relational database service for any scale. It can scale with no downtime, it can process millions of requests per second, and is fast and consistent in performance.

Which service can be used to automate image management processes?

EC2 Image Builder EC2 Image Builder is an automated pipeline for the creation, maintenance, validation, sharing, and deployment of Linux or Windows images for use on AWS and on-premises.

Which AWS service allows you to launch Docker containers on AWS, but requires you to provision and maintain the infrastructure?

ECS ECS allows you to launch Docker containers on AWS, but you must provision and maintain the infrastructure (i.e. EC2 instances).

Which EC2 Storage would you use to create a shared network file system for your EC2 Instances?

EFS Amazon EFS is a fully managed service that makes it easy to set up, scale, and cost-optimize file storage in the Amazon Cloud.

How can you create Hadoop clusters to analyze and process a vast amount of data?

EMR Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR helps create Hadoop clusters (Big Data) to analyze and process vast amounts of data.

Which in-memory AWS database can you use to reduce the load off databases and has high performance, low latency?

ElastiCache Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. ElastiCache caches are in-memory databases with high performance, low latency. They help reduce load off databases for read intensive workloads.

ECS, Fargate, and ECR

Elastic Container Service: You must provision and maintain the infrastructure (EC2 instances) yourself. Launch Docker containers on AWS. AWS takes
Fargate: Launches Docker containers on AWS. You do not provision the infrastructure (no EC2 instances to manage), so it's simpler! AWS runs containers for you based on the CPU/RAM you need.
Elastic Container Registry: Private Docker Registry on AWS. Store Docker images so they can be run by ECS or Fargate.

CodeStar can be used to monitor and check the health of an environment.

ElasticBeanstalk CodeStar is used to quickly develop, build, and deploy applications on AWS. Elastic Beanstalk can be used to monitor and to check the health of an environment.

What should you do to increase your root account security?

Enable Multi-Factor Authentication (MFA)

What is the name of a central repository to store structural and operational metadata for data assets in AWS Glue?

Glue Data Catalog The AWS Glue Data Catalog is a central repository to store structural and operational metadata for all your data assets. For a given data set, you can store its table definition, physical location, add business relevant attributes, as well as track how this data has changed over time.

How would you best describe "event-driven" in AWS Lambda?

Happens when needed "Event-driven" in Lambda means that functions are invoked when needed. They are triggered.

A company would like to benefit from the advantages of the Public Cloud but would like to keep sensitive assets in its own infrastructure. Which deployment model should the company use?

Hybrid Cloud Using a Hybrid Cloud deployment model allows you to benefit from the flexibility, scalability and on-demand storage access while keeping security and performance on your own infrastructure

What are IAM Policies?

JSON documents to define Users, Groups or Roles' permissions An IAM policy is an entity that, when attached to an identity or resource, defines their permissions.

What can you use to define actions to move S3 objects between different storage classes?

Lifecycle Rules Lifecycle Rules can be used to define when S3 objects should be transitioned to another storage class or when objects should be deleted after some time.

AWS Systems Manager

Most important features: Patching automation for enhanced compliance; Run commands across an entire fleet of servers; Store parameter configuration with the SSM Parameter Store; Works on both Windows and Linux OS.

Which AWS service can create complex graphs for fraud detection?

Neptune Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It can be used for knowledge graphs, fraud detection, recommendations engines, social networking, etc.

Which AWS offered Load Balancer should you use to handle hundreds of thousands of connections with low latency?

Network Load Balancer Explanation: A Network Load Balancer can handle millions of requests per second with low-latency. It operates at Layer 4, and is best-suited for load-balancing TCP, UDP, and TLS traffic with ultra high-performance. NOT: Application Load Balancer which is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. It operates at Layer 7. It is not suited for extreme performance.

Which of the following is the definition of Cloud Computing?

On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user

What is the pricing model of Cloud Computing?

Pay as you go pricing In Cloud Computing, you are only charged for what you use

How do you get charged in AWS Lambda?

Per call and per duration In AWS Lambda, you are charged per request and compute time, that's it.

You ONLY want to manage Applications and Data. Which type of Cloud Computing model should you use?

Platform as a Service (PaaS) In the Platform as a Service model, you only manage the data and applications

Which AWS serverless service can use machine learning-powered business intelligence to create interactive dashboards such as business analytics?

QuickSight Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. You can create and publish interactive dashboards.

Which of the following databases is a managed service with SQL capability suited for Online Transaction Processing (OLTP)?

RDS (Relational Database Service) Amazon Relational Database Service (Amazon RDS) is a SQL managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It is suited for OLTP workloads

Which AWS database is a data warehouse?

Redshift Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud.

Auto Scaling Groups

Replace unhealthy instances; Are cost-effective by running at optimal capacity; Automatically register new instances to a load balancer.

Which EC2 Purchasing Option should you use for an application you plan on running on a server continuously for 1 year?

Reserved Instances Reserved Instances are good for long workloads. You can reserve instances for 1 or 3 years.

What are you NOT authorized to do on AWS according to the AWS Acceptable Use Policy?

Run analytics on stolen content You can run analytics on AWS, but you cannot run analytics on fraudulent content. Refer to the AWS Acceptable Use Policy to see what you are not authorized to do on AWS.

Which S3 feature should you use if you want to make sure that a policy will no longer be changed?

S3 Glacier Vault Lock S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls such as "write once read many" (WORM) in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.

You need to enable fast, easy, and secure transfers of files over long distances on S3. Which service would you use?

S3 Transfer Acceleration Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

Which of the following services is a petabyte-scale data moving service (as a fleet) in or out of AWS with computing capabilities?

Snowball Edge Snowball Edge is best-suited to move petabytes of data and offers computing capabilities. Be careful, it's recommended to use a fleet of Snowballs to move less than 10PBs of data. Over this quantity, it's better-suited to use Snowmobile.

A non-profit organization needs to regularly transfer petabytes of data to the cloud and to have access to local computing capacity. Which service can help with this task?

Snowball Edge - Storage Optimized Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, as well as local computing with higher capacity needs.

A research team deployed in a location with low-internet connection would like to move 5 TBs of data to the Cloud. Which service can it use?

Snowcone AWS Snowcone is a small, portable, rugged, and secure edge computing and data transfer device. It provides up to 8 TB of usable storage.

You need a unified user interface that gives you visibility, control, and patching capabilities for your EC2 Instances on AWS, as well as for servers running in your on-premises data centers. Which service should you use?

Systems Manager AWS Systems Manager gives you visibility and control of your infrastructure on AWS. It is used for patching systems at scale.

Under the Shared Responsibility Model, who is responsible for operating-system patches and updates on EC2 Instances?

The customer The customer is responsible for operating-system patches and updates on EC2 Instances, as well as data security on the instances, Security Groups rules, etc.

Which of the following is NOT an advantage of Cloud Computing?

Train your employees less You must train your employees more so they can use the cloud effectively.

An EBS Volume is a network drive you can attach to your instances while they run, so your instances' data persist even after their termination.

True EBS Volumes allow instances' data to persist even after their termination.

EBS Volumes CANNOT be attached to multiple EC2 instances at a time.

True EBS Volumes can be attached to only one EC2 Instance at a time, but EC2 Instances can have multiple EBS Volumes attached to them.

RDS Multi-AZ deployments' main purpose is high availability, while RDS Read replicas' main purpose is scalability.

True RDS Multi-AZ deployments' main purpose is high availability, and RDS Read replicas' main purpose is scalability. Moreover, Multi-Region deployments' main purpose is disaster recovery and local performance.

AWS Regions are composed of?

Two or more Availability Zones AWS Regions consist of multiple, isolated, and physically separate Availability Zones within a geographic area.

Changing an EC2 Instance Type from a t3a.medium to a t3a.2xlarge is an example of?

Vertical scaling Vertical scaling means increasing the size of the instance. Changing from a t3a.medium to a t3a.2xlarge is an example of size increase.

