AWS Cloud Practitioner Prep 14
Which of the following AWS services can be used to prevent Distributed Denial-of-Service (DDoS) attack? (Select three) 1. AWS WAF 2. AWS Shield 3. AWS Trusted Advisor 4. Amazon Inspector 5. Amazon CloudFront with Route 53 6. AWS CloudHSM
1. AWS WAF - you can configure web access control lists (Web ACLs) on your CloudFront distributions or Application Load Balancers to filter and block requests based on request signatures 2. AWS Shield - a managed DDoS protection service that safeguards applications running on AWS 5. Amazon CloudFront with Route 53 - hosted on a distributed network of proxy servers in data centers throughout the world called edge locations
Which AWS compute service provides the EASIEST way to access resizable compute capacity in the cloud with support for per-second billing and access to the underlying OS? 1. Amazon Elastic Compute Cloud (EC2) 2. Amazon Lightsail 3. AWS Lambda 4. Amazon Elastic Container Service (ECS)
1. Amazon Elastic Compute Cloud (EC2) (a web service that provides secure, resizable compute capacity in the cloud with support for per-second billing)
A fleet of Amazon EC2 instances spread across different Availability Zones needs to access, edit and share file-based data stored centrally on a system. As a Cloud Practitioner, which AWS service would you recommend for this use-case? 1. Elastic File System (EFS) 2. Elastic Block Store (EBS) Volume 3. EC2 Instance Store 4. Amazon S3
1. Elastic File System (EFS) (provides a simple, scalable, fully managed, elastic NFS file system)
Access Key ID and Secret Access Key are tied to which of the following AWS Identity and Access Management entities? 1. IAM User 2. AWS Policy 3. IAM Group 4. IAM Role
1. IAM User (Access keys are long-term credentials for an IAM user or the AWS account root user.)
Which of the following AWS services are always free to use (Select two)? 1. Identity and Access Management (IAM) 2. AWS Auto Scaling 3. Elastic Compute Cloud (Amazon EC2) 4. DynamoDB 5. Simple Storage Service (Amazon S3)
1. Identity and Access Management (IAM) & 2. AWS Auto Scaling
The engineering team at an IT company wants to monitor the CPU utilization for its fleet of EC2 instances and send an email to the administrator if the utilization exceeds 80%. As a Cloud Practitioner, which AWS services would you recommend to build this solution? (Select two) 1. SQS 2. SNS 3. CloudTrail 4. Lambda 5. CloudWatch
1. SNS - a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. & 5. CloudWatch - a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
A photo sharing web application wants to store thumbnails of user-uploaded images on Amazon S3. The thumbnails are rarely used but need to be immediately accessible from the web application. The thumbnails can be regenerated easily if they are lost. Which is the most cost-effective way to store these thumbnails on S3? 1. Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails 2. Use S3 Standard to store the thumbnails 3. Use S3 Standard Infrequent Access (Standard-IA) to store the thumbnails 4. Use S3 Glacier to store the thumbnails
1. Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails (costs 20% less than S3 Standard-IA)
Which AWS service enables users to find, buy, and immediately start using software solutions in their AWS environment? 1. AWS Config 2. AWS Marketplace 3. AWS Systems Manager 4. AWS OpsWorks
2. AWS Marketplace (a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS)
Which service gives a personalized view of the status of the AWS services that are part of your Cloud architecture so that you can quickly assess the impact on your business when AWS service(s) are experiencing issues? 1. AWS Service Health Dashboard 2. AWS Personal Health Dashboard 3. AWS Inspector 4. Amazon CloudWatch
2. AWS Personal Health Dashboard (provides alerts and remediation guidance when AWS is experiencing events that may impact you)
An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two) 1. Step Function 2. CloudWatch 3. Lambda 4. Systems Manager 5. EC2 Instance
2. CloudWatch - a monitoring and observability service built & 3. Lambda - lets you run code without provisioning or managing servers
Which of the following statements are true about AWS Lambda? (Select two) 1. AWS Lambda provides access to the underlying operating system to control its behavior through code 2. Allows you to orchestrate and manage Docker containers to facilitate complex containerized applications on AWS 3. AWS Lambda lets you run code without provisioning or managing servers 4. You pay for the compute time you consume 5. Allows you to install databases on the underlying serverless Operating System
3. AWS Lambda lets you run code without provisioning or managing servers & 4. You pay for the compute time you consume (You pay for the compute time and the number of requests for your Lambda function - there is no charge when your code is not running.)
A social media company wants to protect its web application from common web exploits such as SQL injection and cross-site scripting. Which of the following AWS services can be used to address this use-case? 1. Amazon GuardDuty 2. Amazon Inspector 3. AWS Web Application Firewall (WAF) 4. AWS CloudWatch
3. AWS Web Application Firewall (WAF)
A company wants a fully managed, flexible, and scalable file storage system, with low latency access, for its Windows-based applications. Which AWS service is the right choice for the company? 1. Amazon Elastic Block Storage (Amazon EBS) 2. Amazon FSx for Lustre 3. Amazon FSx for Windows File Server 4. Amazon Elastic File System (Amazon EFS)
3. Amazon FSx for Windows File Server (provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Service Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration.)
Which of the following AWS services comes under the Software as a Service (SaaS) Cloud Computing Type? 1. AWS Elastic Beanstalk 2. Elastic Load Balancing 3. Amazon Rekognition 4. Amazon EC2
3. Amazon Rekognition Wrong answers: • Elastic Beanstalk - PaaS • Elastic Load Balancing - added as a distractor • EC2 - IaaS
Which of the following statements are correct about the AWS account root user (Select two) 1. Root account gets unrestricted permissions when the account is created, but these can be restricted using IAM policies 2. Root user account password cannot be changed once it is set 3. It is highly recommended to enable Multi Factor Authentication (MFA) for root user account 4. Root user credentials should only be shared with managers requiring administrative responsibilities to complete their jobs 5. Root user access credentials are the email address and password used to create the AWS account
3. It is highly recommended to enable Multi Factor Authentication (MFA) for root user account & 5. Root user access credentials are the email address and password used to create the AWS account
Which AWS Route 53 routing policy would you use to improve the performance for your customers by routing the requests to the AWS endpoint that provides the fastest experience? 1. Failover routing policy 2. Weighted routing policy 3. Latency routing policy 4. Simple routing policy
3. Latency routing policy (If your application is hosted in multiple AWS Regions, you can use latency routing policy to improve the performance for your users by serving their requests from the AWS Region that provides the lowest latency)
Which AWS service should be used when you want to run container applications, but want to avoid the operational overhead of scaling, patching, securing, and managing servers? 1. Amazon Elastic Container Service - EC2 launch type 2. Amazon Elastic Compute Cloud (Amazon EC2) 3. AWS Lambda 4. Amazon Elastic Container Service - Fargate launch type
4. Amazon Elastic Container Service - Fargate launch type (a serverless compute engine for containers. It works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS))
A startup is looking for 24x7 phone based technical support for his AWS account. Which of the following is the MOST cost-effective AWS support plan for this use-case? 1. Basic 2. Enterprise 3. Developer 4. Business
4. Business (Only 'Business' and 'Enterprise' offer 24x7 tech support - Business is cheaper)
What is the primary benefit of deploying an RDS database in a Multi-AZ configuration? 1. Multi-AZ reduces database usage costs 2. Multi-AZ protects the database from a regional failure 3. Multi-AZ improves database performance for read-heavy workloads 4. Multi-AZ enhances database availability
4. Multi-AZ enhances database availability (Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ).)
Which of the following statements is correct for a Security Group and a Network Access Control List? 1. Security Group acts as a firewall at the VPC level whereas Network Access Control List acts as a firewall at the AZ level 2. Security Group acts as a firewall at the subnet level whereas Network Access Control List acts as a firewall at the instance level 3. Security Group acts as a firewall at the AZ level whereas Network Access Control List acts as a firewall at the VPC level 4. Security Group acts as a firewall at the instance level whereas Network Access Control List acts as a firewall at the subnet level
4. Security Group acts as a firewall at the instance level whereas Network Access Control List acts as a firewall at the subnet level (A security group acts as a virtual firewall for your instance to control inbound and outbound traffic A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets (i.e. it works at subnet level).)