AWS Cloud Practitioner Practice Questions

Which services are integrated with KMS encryption? (choose 2) 1. Amazon RDS 2. Amazon EC2 3. Amazon EBS 4. Amazon SWF 5. Amazon CloudFormation

*Amazon RDS and Amazon EBS*

Which AWS service is primarily used for software version control? 1. Amazon CodeCommit 2. Amazon CodeStar 3. Amazon Cloud9 4. Amazon CodeDeploy

*1. CodeCommit: fully-managed source control service, like Git* 2. CodeStar: easily manage software dev in one place 3. Cloud9: cloud-based IDE 4. CodeDeploy: deployment service

Which service allows you to automatically expand and shrink your application in response to demand? 1. AWS ElastiCache 2. Amazon Elastic Load Balancing 3. AWS Auto Scaling 4. Amazon DynamoDB

*AWS Auto Scaling, adds or removes EC2 instances to ensure the right amount* ELB distributes incoming requests to EC2 instances, can be used with Auto Scaling ElastiCache provides in-memory cache and DB services DynamoDB is a NoSQL DB

Which tool enables you to visualize your usage patterns over time and to identify your underlying cost drivers? 1. AWS Simple Monthly Calculator 2. Total Cost of Ownership (TCO) 3. AWS Cost Explorer 4. AWS Budgets

*AWS Cost Explorer, free tool that allows you to view charts of your costs for past 13 months, forecast costs for next three months* TCO allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premised data center AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount

Which service can be used to help you to migrate databases to AWS quickly and securely? 1. AWS KMS 2. AWS SMS 3. AWS DMS 4. AWS Migration Hub

*AWS DMS (Database Migration Service)* SMS (Server Migration Service), migrate thousands of on-premises workloads to AWS KMS (Key Management Service), encryption keys Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions

Which AWS service is use to enable multi-factor authentication? 1. Amazon STS 2. Amazon IAM 3. Amazon EC2 4. AWS KMS

*AWS IAM, used to securely control individual and group access to AWS resources* STS (Security Token Service) enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users) KMS (Key Management Service) makes it ways to you to create and control the encryption keys used to encrypt your data EC2 is used to running OS instances in the cloud

Which service allows you to run code as functions without needing to provision or manage servers? 1. Amazon EC2 2. Amazon CodeDeploy 3. AWS Lambda 4. Amazon EKS

*AWS Lambda* CodeDeploy automates software deployments to a variety of compute services and on-premise servers

Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks? 1. AWS OpsWorks 2. AWS Service Catalog 3. AWS Config 4. AWS CodeDeploy

*AWS OpsWorks* Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resource CodeDeploy automates software deployments

A company would like to maximize their potential volume and RI discounts across multiple accounts and also apply service control policies on member accounts. What can they use to gain these benefits? 1. AWS Budgets 2. AWS Cost Explorer 3. AWS IAM 4. AWS Organizations

*AWS Organizations* Enables you to create groups of AWS accounts and then centrally manage policies across those accounts Provides consolidated billing in both feature sets Volume pricing discounts can be applied to resources

Which AWS service allows you to use block-base volumes on-premise that are then asynchronously backed up to Amazon S3? 1. AWS Storage Gateway File Gateway 2. AWS Storage Gateway Volume Gateway 3. Amazon S3 Multi-Part upload 4. Amazon S3 Transfer Acceleration

*AWS Storage Gateway Volume Gateway* Operates in 2 modes: 1. Stored Volume mode - entire dataset is stored on-site and is asynchronously backed up to S3, snapshots are incremental and compressed 2. Cached Volume mode - entire dataset is stored on S3 and a cache of the most frequently access data is cached on-site Storage Gateway File Gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in S3 Multi-part upload and transfer acceleration are features of S3 associated with uploading files directly to S3

What can you use to quickly connect your office securely to your Amazon VPC? 1. Route Table 2. Internet Gateway 3. Direct Connect 4. AWS managed VPN

*AWS managed VPN* Direct Connect provides high-bandwidth, low-latency connectivity but takes weeks to months to setup (much more expensive too) An Internet Gateway is used to connect a public subnet to the Internet A Route Table is part of a VPS and is used to control how traffic is routed within the VPC

The IAM service can be used to manage which objects? (choose 2) 1. Security groups 2. Access policies 3. Roles 4. Network ACLs 5. Key pairs

*Access policies and Roles* Access policies are objects that you attach to entities and resources to define their permissions Roles are created and then "assumed" by trusted entities and define a set of permissions for making AWS service requests Security groups and network ACLs are used as instance-level and subnet-level firewalls respectively Key pairs are created in EC2 and are used to login to EC2 instances, different than access keys and secret IDs which are used to grant programmatic access to resources

Which service records API activity on your account and delivers log files to an Amazon S3 bucket 1. Amazon CloudWatch 2. Amazon S3 Event Notifications 3. Amazon CloudTrail 4. Amazon CloudWatch Logs

*Amazon CloudTrail* CloudTrail is for auditing, CloudWatch is for performance monitoring S3 Event Notifications notifies you when certain events happen in your S3 buckets CloudWatch lets you monitor and troubleshoot your systems and apps using your existing system, application, and custom log files

Which services can help to automate a company's IT infrastructure? (choose 2) 1. Amazon CloudWatch Alarms 2. Amazon Route 53 3. AWS Lambda Scheduled Events 4. Virtual Private Cloud 5. Elastic Network Interface

*Amazon CloudWatch Alarms and AWS Lambda Scheduled Events* CloudWatch alarms sends an Amazon SNS message when a particular metric goes beyond a specified threshold for a specified number of periods AWS Lambda Scheduled events allow you to create a Lambda function and direct AWS Lambda to execute it on a regular schedule Route 53 is a DNS service and does not offer automation VPC is a logical networking construct and is not an example of automation ENI is a location network adapter and is not an example of automation

Which service can be used to track the CPU usage of an EC2 instance? 1. Amazon CloudTrail 2. Amazon CloudFront 3. Amazon CloudFormation 4. Amazon CloudWatch

*Amazon CloudWatch* CloudWatch is a monitoring service for AWS cloud resources and the apps you run on AWS CloudTrail is for auditing, records activity made on your account CloudFormation is used for automated provisioning of infrastructure CloudFront is a CDN

Which database service is a NoSQL type of database that is fully managed? 1. Amazon RDS 2. Amazon DynamoDB 3. Amazon Redshift 4. Amazon ElastiCache

*Amazon DyanmoDB* RDS is a relational (SQL) type of database RedShift is a data warehouse that can be analyzed using SQL tools ElastiCache is a data caching service that is used to help improve performance

Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols? 1. Amazon S3 2. Amazon EBS 3. Amazon EFS 4. Amazon Glacier

*Amazon EFS* EBS provides block-level volumes to individual EC2 instances (cannot connect multiple instances to a single EBS volume) S3 is an object storage system and Glacier is used for archiving S3 objects

Which AWS service allows you to connect to storage from on-premise servers using standard file protocols? 1. Amazon S3 2. Amazon EBS 3. Amazon Glacier 4. Amazon EFS

*Amazon EFS: it is a fully-managed service that makes it easy to set up and scale file storage in the Cloud* S3 is an object-level not file-level storage system Glacier is an archiving solution that is accessed through S3 EBS (Elastic Block Storage) is a block-level storage that can only be accessed by EC2 instances from the same AZ as the EBS volume

Which AWS storage technology can be considered a "virtual hard disk in the cloud"? 1. Amazon Elastic File Storage (EFS) filesystem 2. Amazon Elastic Block Storage 3. Amazon S3 object 4. Amazon Glacier archive

*Amazon Elastic Block Storage* EBS is a block storage device, when attached to an instance it appears as a local disk that can have an OS installed on or be formatted and used for any other local storage purpose EFS is mounted over the NFS protocol, file-level protocol, not a virtual hard disk S3 is an object storage system and cannot be mounted and used as a virtual hard drive Glacier is an archiving solution where you can archive your S3 object

Which AWS service can be used to process a large amount of data using the Hadoop framework? 1. Amazon Athena 2. Amazon Kinesis 3. AWS Glue 4. Amazon EMR

*Amazon Elastic Map Redue (EMR)* Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new info Glue is a fully managed extract, transform, and load (ETL) service to prepare and load their data for analytics

Which AWS database service supports a complex queries and joins and is suitable for a transactional database deployment? 1. Amazon RDS 2. Amazon DynamoDB 3. Amazon RedShift 4. Amazon EMR

*Amazon RDS* DynamoDB is a NoSQL database RedShift is a data warehouse used for analytic not transactional databases EMR is a Hadoop (big data analytics in the cloud) service that is not suitable for transactional databases

Which service supports the resolution of public domain names to IP addresses or AWS resources? 1. Amazon Route 53 2. Amazon CloudFront 3. Amazon SNS 4. Hosted Zones

*Amazon Route 53, highly available and scalable Domain Name System (DNS) service* A hosted zone is a collection of records for a specified domain in Route 53 CloudFront is a CDN that stores content at "edge locations" Simple Notification Service is used to send notifications over multiple transport protocols

Which service can be used for building and integrating loosely-coupled, distributed applications? 1. Amazon EBS 2. Amazon SNS 3. Amazon EFS 4. Amazon RDS

*Amazon SNS* EBS provides storage volumes for EC2 instances EFS provides an NFS filesystem for usage by EC2 instances RDS provides a managed relational DB service

For which services does Amazon not charge customers? (choose 2) 1. Amazon VPC 2. Amazon EBS 3. Amazon CloudFormation 4. Amazon S3 5. Amazon SNS

*Amazon VPC and Amazon CloudFormation* CloudFormation is free, but has you pay for the resources it creates All other listed services are chargeable

Which type of Amazon Elastic Load Balancer operates at layer 7 of the OSI model? 1. Application Load Balancer 2. Network Load Balancer 3. Classic Load Balancer 4. F5 Load Balancer

*Application Load Balancer (ALB), routes connections based on the content of the request)* Network (NBL), layer 4, routes connections based on IP protocol data Classic (CLB), provides basic load balancing at both layer 4 and layer 7 F5 load balancer is not an Amazon load balancer

Which AWS services are used for analytics? (choose 2) 1. Amazon RDS 2. Amazon ElastiCache 3. Amazon Athena 4. Amazon S3 5. Amazon EMR

*Athena and EMR* Athena is an interactive query service that analyzes data in S3 using SQL EMR (Elastic Map Reduce) processes vast amounts of data RDS is a relational DB and used primarily for TRANSACTIONAL WORKLOADS ElastiCache is a data caching service used to improve speed/performance of web apps running on AWS S3 is used for object storage

When instantiating compute resources, what are two techniques for using automated, repeatable processes that are fast and avoid human error? (choose 2) 1. Snapshotting 2. Bootstrapping 3. Fault tolerance 4. Infrastructure as code 5. Performance monitoring

*Bootstrapping and Infrastructure as code* Snapshotting is about saving data, not instantiating resources Fault tolerance is a method of increasing the availability of your system when components fail Performance monitoring is not related to instantiating resources

Which of the statements below is accurate regarding Amazon S3 buckets? (choose 2) 1. Bucket names must be unique regionally 2. Buckets are replicated globally 3. Buckets names must be unique globally 4. Buckets are region-specific 5. Buckets can contain other buckets

*Bucket names must be unique globally (global namespace) and are REGiON-specific* Objects within a bucket are replicated WITHIN A REGION across multiple AZs Data never leaves that region unless configured to do so You cannot create nested buckets

What benefits are provided by Amazon CloudFront? (choose 2) 1. Allows you to register domain names 2. Built-in Distributed Denial of Service attack protection 3. Used to enable private subnet instances to access the Internet 4. Content is cached at Edge Locations for fast distribution to customers 5. Provides a worldwide distributed DNS service

*Built-in Distributed Denial of Service attack protection and Content is cached at Edge Locations for fast distribution to customers* Another benefit is that CloudFront integrates with many AWS services

What is the most cost-effective support plan that should be selected to provide at least a 1-hour response time for a production system failure? 1. Basic 2. Developer 3. Business 4. Enterprise

*Business* Basic does not provide any technical support Developer provides business hours access via email Business provides < 1-hour response times for a production system failure Enterprise does the same as Business but is more expensive

Under the AWS shared responsibility model what is the customer responsible for? (choose 2) 1. Physical security of the data center 2. Replacement and disposal of disk drives 3. Configuration of security groups 4. Patch management of infrastructure 5. Encryption of customer data

*Configuration of security groups and Encryption of customer data* AWS are responsible for "Security OF the Cloud" -Physical security of the DC -Replacement of old disk drives -Patch management of the infrastructure Customers are responsible for "Security IN the Cloud" -Configuring security groups -Network ACLs -Patching their operating systems -Encrypting their data

What considerations are there when choosing which region to use? (choose 2) 1. Data sovereignty 2. Available storage capacity 3. Latency 4. Pricing in local currency 5. Available compute capacity

*Data sovereignty and Latency* You may choose a region to reduce latency, minimize costs, or address regulatory requirements Pricing is in USD Available capacity is generally not a concern (large pool of resources and AWS doesn't disclose available capacity in each region)

Which service can you use to provision a preconfigured server with little to no AWS experience? 1. Amazon Elastic Beanstalk 2. Amazon Lambda 3. Amazon EC2 4. Amazon Lightsail

*Deploying a server on Lightsail is extremely easy* Elastic Beanstalk can be used to quickly deploy, but you need to know how to deploy within a VPC EC2 deploys within a VPC Lambda provides serverless functions not preconfigured servers

A company plans to create a hybrid cloud architecture. What technology will allow them to create a hybrid cloud? 1. VPC Peering 2. Internet Gateway 3. Direct Connect 4. Elastic Network Interface

*Direct Connect* Direct Connect provides a low-latency, high bandwidth connection to connect customer on-premise environments with the AWS cloud which allows them to create a "hybrid" cloud architecture VPC peering is a way of allowing routing between VPCs in different AWS accounts An Internet Gateway is used to connect public subnets to the Internet An Elastic Network Interface (ENI) is a logical networking component in a VPC that represents a virtual network card

Which of the following statements are correct about Elastic Block Store (EBS) volumes? (choose 2) 1. Root EBS volumes are retained on termination by default 2. EBS volumes must be in the same AZ as the instances they are attached to 3. You can attach multiple EBS volumes to an instance 4. You can attach an EBS volume to multiple instances 5. EBS volumes cannot be backed up

*EBS volumes must be in the same AZ as the instances they are attached to and You can attach multiple EBS volumes to an instance* Root EBS volumes are detected on termination by default You cannot attach an EBS volume to multiple instances EBS volumes can be backed up by taking a snapshot

Which AWS service can you use to install a third-party DB? 1. Amazon RDS 2. Amazon DynamoDB 3. Amazon EC2 4. Amazon EMR

*EC2* All of these services are managed services except for EC2. It is the only service in the list upon which you can manually install the DB software of your choice.

Which AWS service can be used to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets, and PC? 1. Elastic Transcoder 2. Elastic Beanstalk 3. Elastic Load Balancer 4. Auto Scaling

*Elastic Transcoder* Elastic Beanstalk can be used to quickly deploy and manage apps in the AWS cloud

What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2) 1. Complete control of the hypervisor layer 2. Elastic web-scale computing 3. Inexpensive 4. Fault tolerance 5. High-availability with an SLA of 99.99%

*Elastic web-scale computing and Inexpensive* EC2 does not provide any control of the hypervisor or underlying hardware infrastructure Amazon does not offer fault tolerance for EC2, you need to design this into your application stack High-availability with an SLA of 95%

Which feature of AWS allows you to deploy a new application for which the requirements may change over time? 1. Elasticity 2. Fault tolerance 3. Disposable resources 4. High availability

*Elasticity, infrastructure can scale on-demand* Fault tolerance and high availability are mechanisms used for ensuring the availability of your app and protecting against the failure of hardware/software Disposable resources is an architectural principle in which servers and other components are treated as temporary resources and are replaced rather than updated

Which AWS support plan should you use if you need a response time of < 15 minutes for a business-critical system failure? 1. Basic 2. Developer 3. Business 4. Enterprise

*Enterprise* Both Business and Enterprise offer <1-hour response time for the failure of a production system

Which type of cloud deployment enables customers to leverage the benefits of the public cloud and co-exiting with on-premises infrastructure? 1. Public Cloud 2. Private Cloud 3. Hybrid Cloud 4. Legacy IT Infrastructure

*Hybrid Cloud*

Which feature can you use to grant read/write access to an Amazon S3 bucket? 1. IAM Role 2. IAM Policy 3. IAM Group 4. IAM User

*IAM Policy* Policy -Documents that define permissions and can be applied to users, groups, and roles -Can be written to grant access to Amazon S3 buckets Roles -Created and then "assumed' by trusted entities and define a set of permissions for making AWS service requests Groups -Collections of users and have policies attached to them User -Entity that represents a person or service

Which feature of Amazon Rekognition can assist with saving time? 1. Identification of objects in images and videos 2. Identification of the language of text in a document 3. Adds automatic speech recognitions (ASR) to applications 4. Provides on-demand access to compliance-related information

*Identification of objects in images and videos* Amazon COMPREHEND identifies the languages of the text Amazon TRANSCRIBE makes it easy to developers to add speech-to-text capability to their applications AWS ARTIFACT provides on-demand, compliance-related info

What are two ways the moving to an AWS cloud can benefit an organization? (choose 2) 1. Switch to a CAPEX model 2. Increase speed and agility 3. Stop guessing about capacity 4. Depreciate assets over a longer timeframe 5. Gain greater control of data center security

*Increase speed and agility and Stop guessing about capacity* Cloud is based on an operational expenditure (OPEX) model

What architectural best practice aims to reduce the interdependencies between services? 1. Services, Not Servers 2. Removing Single Points of Failure 3. Automation 4. Loose Coupling

*Loose Coupling* As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components This means that IT systems should be designed in a way that reduces interdependencies -- a change or failure in one component should not cascade to other components Includes "well-defined interfaces", enables interaction only through specific, tech-agnostic interfaces like RESTful APIs

Amazon S3 bucket names must follow a set of rules. Which of the rules below apply to Amazon S3 bucket names? (choose 2) 1. Names must be unique across all of AWS 2. Names must be 3 to 63 characters in length 3. Names must contain uppercase letters 4. Names must be unique within a region 5. Names must be formatted as a DNS domain name

*Names must be unique across all of AWS and Names must be 3 to 63 characters in length* Bucket names must follow the following rules: - Names must be unique across all of AWS - Names must be 3 to 63 characters in length - Name can only contain lowercase letters, numbers, and hyphens - Names cannot be formatted as an IP address

Which type of Elastic Load Balancer operates at the connection layer (layer 4) and supports IP address as targets? 1. Application Load Balancer 2. Network Load Balancer 3. Classic Load Balancer 4. ELBs do not support IP addresses as targets

*Network Load Balancer*

Which pricing model should you use for EC2 instances that will be used in a lab environment for several hours on a weekend and must run uninterrupted? 1. On-Demand 2. Reserved 3. Spot 4. Dedicated Instance

*On-Demand because it will ensure no interruptions* Spot instances are good for short term requirements Reserved instances are good for long-term, static requirements Dedicated instances are EC2 instances that run on hardware dedicated to a single customer

What is an availability zone composed of? 1. One or more regions 2. One or more data centers in a location 3. A collection of edge locations 3. A collection of VPCs

*One or more data centers in a location* AZ are physically separate and isolated from each other Region is a geographical area Each region consists of 2 or more AZ

Which statement below is incorrect in relation to Network ACLs? 1. Operate at the AZ level 2. Support allow and deny rules 3. Stateless 4. Process rules in order

*Operate at the AZ level* Network ACLs operate at the SUBNET level

Under the shared responsibility model, what are examples of shared controls? (choose 2) 1. Patch management 2. Storage system patching 3. Physical and environmental 4. Configuration management 5. Service and Communications Protection

*Patch management and Configuration management* Shared Controls - apply to both the infrastructure layer and customer layers, but in completely separate contexts/perspectives Patch management -AWS responsible for things within the infrastructure -Customers responsible for patching their guest OS and apps Configuration management -Same as patch Service and Communications Protection is a CUSTOMER specific control Storage system patching is an AWS responsibility Physical and Environmental is an inherited control (a customer fully inherits from AWS)

Which types of pricing policies does AWS offer? 1. Pay-as-you-go 2. Enterprise license agreement (ELA) 3. Non-peak hour discounts 4. Global usage discounts 5. Save when you reserve

*Pay-as-you-go and Save when you reserve* Additionally, pay less by using more is another pricing policy that AWS offers

Which of the following statements is correct in relation to consolidated billing? (chose 2) 1. Paying accounts are independent and cannot access resources of other accounts 2. Used to consolidate billing across organizations 3. One bill is provided per AWS organization 4. Volume pricing discounts cannot be applied to resources 5. Only available to Enterprise customers

*Paying accounts are independent and cannot access resources of other accounts and One bill is provided per AWS organization* Consolidate billing across ACCOUNTS within an organization not across ORGANIZATIONS Volume pricing discounts can be applied to resources Consolidated billing is available to all customers

What constraints apply to customers when performing penetration testing? (choose 2) 1. Permission is required for all penetration tests 2. You can perform penetration testing on your own systems at any time without prior authorization 3. You must complete and submit the AWS Vulnerability/Penetration Testing Request Form to request authorization 4. Penetration testing can be performed against any AWS resources 5. Penetration testing must be performed by a certified security consultant

*Permission is required for all penetration tests and You must complete and submit the AWS Vulnerability/Penetration Testing Request Form to request authorization* Permission is required for all penetration tests There is a limited set of resources on which penetration testing can be performed

What advantages does deploying Amazon CloudFront provide? (choose 2) 1. A private network link to the AWS cloud 2. Reduced latency 3. Automated deployment of resources 4. Improved performance for end users 5. Provides serverless compute services

*Reduced latency and Improved performance for end users* CloudFront is a content delivery network that allows you to store/cache your content at "edge locations" located around the world A private network link to the AWS cloud can be provisioned using AWS Direct Connect of an IPSec VPN CloudFormation automates deployment of resources CloudFront is a CDN, not a serverless compute service

The AWS global infrastructure is composed of ? (choose 2) 1. Regions 2. Clusters 3. Fault Zones 4. Availability Zones 5. IP subnets

*Regions and Availability Zones* Region is a physical location in the world where AWS have multiple AZs AZs consists of one or more discrete data centers

Identify the services that have a global (rather than regional) scope? (choose 2) 1. Amazon Route 53 2. Amazon S3 3. Amazon CloudFront 4. AWS Lambda 5. Amazon EC2

*Route 53 and CloudFront have a global scope* S3 uses a global namespace but buckets and objects are created within a region Lambda is a regional service

What is the scope of a VPC within a region? 1. Spans all AZs within the region 2. Spans all AZs globally 3. At least 2 subnets per region 4. At least 2 data centers per region

*Spans all AZs within a region* A VPC spans all AZs within a region VPCs do not span regions, you create VPCs in each region VPCs are not limited by subnets, subnets are created within AZs and you can have many subnets in an AZ An AZ uses one or more data centers, AWS does not publicize the details

What is the most cost-effective EC2 pricing option to use for a non-critical overnight workload? 1. On-Demand 2. Spot 3. Reserved Instance 4. Dedicated Host

*Spot* Spot instances are good for short term requirements, good option for NON-CRITICAL workloads that can bet terminated On-Demand is not the most economical option Reserved instances are good for long-term, static requirements (must lock in for 1 or 3 years in return for a decent discount) Dedicated hosts provide a fuller server dedicated to a single customer and is therefore expensive

Which statement below is incorrect in relation to Security Groups? 1. Operate at the instance level 2. Support allow rules only 3. Stateless 4. Evaluate all rules

*Stateless* Security groups are stateful meaning that if traffic is allowed in one direction, the return traffic is automatically allowed regardless of whether there is a matching rule for the traffic

Which items can be configured from within the VPC management console? (choose 2) 1. Subnets 2. Regions 3. Load Balancing 4. Auto Scaling 5. Security Groups

*Subnets and Security Groups* Regions are not configured, RESOURCES within regions are configured Load balancing and auto scaling is configured from the EC2 console

How can an organization compare the cost of running applications in an on-premise or colocation environment against the AWS cloud? 1. AWS Budgets 2. AWS Simple Monthly Calculator 3. TCO Calculator 4. AWS Cost Explorer

*TCO Calculator* Cost Explorer allows you to view charts of your costs, forecast too Simple Monthly Calculator helps estimate their monthly AWS bill more efficiently Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed your budgeted amount

What method can you use to take a backup of an Amazon EC2 instance using AWS tools? 1. Take full and incremental file-level backups using the backup console 2. Take application-consistent backups using the EC2 API 3. Use Cross Region Replication (CRR) to copy the instance to another region 4. Take a snapshot to capture the point-in-time state of the instance

*Take a snapshot to capture the point-in-time state of the instance* There is no backup console to take full and incremental backups There is no way to taking application-consistent backups using any AWS tools Cross Region Replication is used to replicate Amazon *S3 buckets* across regions

What advantages do you get from using the AWS cloud? (choose 2) 1. Trade capital expense for variable expense 2. Stop guessing about capacity 3. Increased capital expenditure 4. Gain greater control of the infrastructure 5. Comply with all local security compliance programs

*Trade capital expense for variable expense and Stop guessing about capacity* AWS has greater control of the infrastructure, compliant with most but not all programs in all local countries The 6 advantages of cloud are: 1. Trade capital expense for variable expense 2. Benefit from massive economies of scale 3. Stop guessing about capacity 4. Increase speed and agility 5. Stop spending money running and maintaining data centers 6. Go global in minutes

Which of the following are features of Amazon CloudWatch? (choose 2) 1. Used to gain system-wide visibility into resource utilization 2. Records account activity and service events from most AWS services 3. Used for auditing of API calls 4. Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console 5. Provides visibility into user activity by recording actions taken on your account

*Used to gain system-wide visibility into resource utilization and Can be accessed via...* CloudWatch is a monitoring service CloudTrail records account activity, service events, and saves a history of API calls for your AWS account