AWS CPP Quiz Questions

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which of the following is NOT a characteristic of Amazon Elastic Compute Cloud (Amazon EC2)? 1. Amazon EC2 offers scalable computing 2. Amazon EC2 elminates teh need to invest in hardware upfront 3. Amazon EC2 can launch as many or as few virtual servers as needed 4. Amazon EC2 is considered a serverless web service

"Amazon EC2 is considered a Serverless Web Service" is not a characteristic of Amazon EC2 and thus is the correct choice. Serverless allows customers to shift more operational responsibilities to AWS. Serverless allows customers to build and run applications and services without thinking about servers. Serverless eliminates infrastructure management tasks such as server or cluster provisioning, patching, operating system maintenance, and capacity provisioning. Amazon EC2 is not a serverless service. EC2 instances are virtual servers in the cloud. Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.

Which of the following is true regarding the AWS availability zones and edge locations? 1. An AWS Availability Zone is an isolated location within an AWS Region, however edge locations are located in multiple cities worldwide 2. An availability zone exists within an edge location to distribute content globally 3. An availability zone is a geographic location where AWS provides multiple, physically separated and isolated edge locations 4. Edge locations are located in separate Availability Zones worldwide to serve global customers

#1 In AWS, each Region has multiple, isolated locations known as Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. Edge locations may or may not exist within a region. They are located in most major cities around the world. Edge locations are specifically used by CloudFront (CDN) to distribute content to global users with low latency.

Which AWS-managed network service can be used to enable Internet connectivity for EC2 instances in private subnets? 1. NAT instance 2. NAT Gateway 3. Internet Gateway 4. Network ACL

A NAT Gateway is an AWS managed service that can be used for enabling instance in private subnets to access the Internet

In Amazon Route 53, what is the name for the configuration item that holds a collection of records belonging to a domain? 1. DNS record 2. Alias 3. Hosted zone 4. Routing Policy

A hosted zone represents a set of records belonging to a domain

What type of template is used by Amazon EC2 Auto Scaling to define instance family, AMI key pair, and security groups? 1. Scaling Plan 2. Launch Configuration 3. Scaling Policy 4. Auto Scaling Group

A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups

Which service can be used to find reports on Payment Card Industry (PCI) compliance of the AWS cloud? 1. AWS Service Catalog 2. Amazon Inspector 3. AWS Artifact

AWS Artifact AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements

Which tool can be used to find compliance information that relates to the AWS Cloud platform? 1. Amazon Inspector 2. AWS Trusted Advisor 3. AWS Artifact 4. AWS Personal Health Dashboard

AWS Artifact AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements

Which AWS Service allows customers to download AWS SOC & PCI reports? 1. Amazon Chime 2. AWS Well-Architected Tool 3. AWS Glue 4. AWS Artifact

AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. You can submit the security and compliance documents (also known as audit artifacts) to your auditors or regulators to demonstrate the security and compliance of the AWS infrastructure and services that you use. You can also use these documents as guidelines to evaluate your own cloud architecture and assess the effectiveness of your company's internal controls.

A developer needs to set up an SSL security certificate for a client's eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO) 1. Amazon Route 53 2. AWS Certificate Manager (ACM) 3. AWS Directory Service 4. AWS Data Pipeline 5. AWS Identity & Access Managment

AWS Certificate Manager & AWS IAM To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use a server certificate provided by AWS Certificate Manager (ACM) or one that you obtained from an external provider. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS. Amazon Route 53 is used to register domain names or use your own domain name to route your end users to Internet applications. Route 53 is not responsible for creating SSL certifications.

Which service uses a hardware security module to protect encryption keys in the cloud? 1. AWS Key Management Service (KMS) 2. AWS CloudHSM 3. AWS Service Catalog

AWS CloudHSM AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Which of the following will help AWS customers save on costs when migrating their workloads to AWS? 1. Use existing third-party software licenses on AWS 2. Use servers instead of managed servers 3. Migrate production workloads to AWS edge locations instead of AWS regions 4. Use AWS Outposts to run all workloads in a cost-optimized environment

AWS Customers who have already purchased software licenses - from vendors such as Microsoft and Oracle - can reuse these licenses on AWS instead of buying new licenses. For software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server, AWS customers may need to migrate their workloads to a dedicated host to use this type of software license.

Which service can be used to migrate an on-premises database to Amazon RDS? 1. AWS Server Migration Service 2. AWS Transfer for SMTP 3. Application Discovery Service 4. Database Migration Service

AWS DMS (Database Migration Service) AWS DMS can be used to migrate an on-premises database to Amazon RDS

A company needs to migrate several TB of data from an on-premises NAS device to Amazon FSx. Which service can the company use to migrate the data over a VPN connection? 1. AWS Database Migration Service (DMS) 2. AWS Snowball Edge 3. AWS DataSync 4. Amazon S3 Transfer Acceleration

AWS DataSync can migrate data from on-premises NAS storage to Amazon S3, EFS, and FSx

A company needs a network connection to the AWS cloud with predictable performance. What should they use? 1. AWS managed VPN 2. AWS Direct Connect 3. VPN CloudHub 4. VPC Peering

AWS Direct Connect is a private network connection and offers predictable performance

How can an organization create a private hybrid cloud connection between their on-premises data center and the AWS Cloud? 1. AWS managed VPN 2. VPN CloudHub 3. Software VPN 4. AWS Direct Connect

AWS Direct Connect is a private network connection to the AWS Cloud. It provides high bandwidth and low latency with reliable performance

Which AWS services can be used to improve the performance of a global application and reduce latency for its users? (Choose TWO) 1. AWS Global Accelerator 2. AWS Direct Connect 3. AWS KMS 4. Amazon CloudFront 5. AWS Glue

AWS Global Accelerator & CloudFront AWS Global Accelerator and CloudFront are two separate services that use the AWS global network and its edge locations around the world. Amazon CloudFront improves performance for global applications by caching content at the closest Edge Location to end-users. AWS Global Accelerator improves performance for global applications by routing end-user requests to the closest AWS Region. Amazon CloudFront improves performance for both cacheable (e.g., images and videos) and dynamic content (e.g. dynamic site delivery). Global Accelerator is a good fit for specific use cases, such as gaming, IoT or Voice over IP. Note: AWS Global accelerator does not cache content at edge locations like Amazon CloudFront. AWS Global accelerator uses the AWS edge locations to receive end-user requests and then routes these requests to the closest AWS Region over the AWS global network.

A company is collecting weather data to send to AWS for analytics. Each collection cycle the data doesn't exceed 7 TB. Which AWS Snow Family product would you recommend? 1. AWS Data Sync 2. AWS Snowcone 3. AWS Snowmobile 4. AWS Snowball

AWS Snowcone is the smallest member of the Snow Family and still has 8 terabytes of usable storage.

Which service can assist with protecting against common web-based exploits? 1. AWS Shield 2. AWS Web Application Firewall (WAF) 3. Amazon Route 53 4. AWS CloudHSM

AWS WAF AWS WAF is a web application firewall that protects against common exploits that could compromise application availability, compromise security or consume excessive resources

Who is responsible for patching networking equipment in AWS?

AWS are responsible for patching and securing the networking, compute, and storage hardware

When granting permissions to applications running on Amazon EC2 instances, which of the following is considered best practice? 1. Generate new IAM access keys every time you delegate permissions 2. Store the required AWS credentials directly within the application code 3. Do nothering; Applications that run on Amazon EC2 instances do not need permission to interact with other AWS services or resources 4. Use temporary security credentials(IAM roles) instead of long-term access keys

AWS recommends using an IAM role to manage temporary credentials for applications that run on Amazon EC2 instances. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they interact with other AWS resources. For example, if you have a photo-editing application running on an Amazon EC2 instance, and you want to grant the application permission to save user's photo uploads to an Amazon S3 bucket, it is best to use an IAM role to delegate the required permissions because role credentials are temporary and rotated automatically.

Which of the following is a type of MFA device that customers can use to protect their AWS resources? 1. AWS Key Pair 2. U2F Security Key 3. AWS Access Keys 4. AWS CloudHSM

AWS supports several MFA device options including Virtual MFA devices, Universal 2nd Factor (U2F) security key, and Hardware MFA devices.

Which of the following is NOT a payment option for Amazon EC2 reserved instances? 1. No upfront 2. All upfront 3. All at the end 4. Partial upfront

All at the end

Which of the below options is true of Amazon Cloud Directory? 1. Amazon Cloud Directory allows the organization of hierarchies of data across multiple dimensions 2. Amazon Cloud Directory allows users to access AWS with their existing Active Directory credentials 3. Amazon Cloud Directory enables the analysis of video and data streams in real time 4. Amazon Cloud Directory allows for registration and management of domain names

Amazon Cloud Directory is a cloud-native, highly scalable, high-performance directory service that provides web-based directories to make it easy for you to organize and manage all your application resources such as users, groups, locations, devices, and policies, and the rich relationships between them.

Which services can scale horizontally? 1. Amazon DynamoDB, Amazon EC2 Auto Scaling, Amazon S3 2. Amazon DynamoDB, Amazon EFS, Amazon EC2 3. Amazon EC2 Auto Scaling, Amazon S3, NAT Instance

Amazon DynamoDB, Amazon EC2 Auto Scaling, Amazon S3

Which of the following are factors should be considered for Amazon EBS pricing? (Choose TWO) 1. The number of Snowball storage devices you request 2. The compute capacity you consume 3. The compute time you consume 4. The amount of data you have stored in snapshots 5. The size of volumes provisioned per month

Amazon EBS pricing has two factors: 1- Volumes: Volume storage for all EBS volume types is charged by the amount of GB you provision per month, until you release the storage. 2- Snapshots: Snapshot storage is based on the amount of space your data consumes in Amazon S3. Because Amazon EBS does not save empty blocks, it is likely that the snapshot size will be considerably less than your volume size. Copying EBS snapshots is charged based on the volume of data transferred across regions. For the first snapshot of a volume, Amazon EBS saves a full copy of your data to Amazon S3. For each incremental snapshot, only the changed part of your Amazon EBS volume is saved. After the snapshot is copied, standard EBS snapshot charges apply for storage in the destination region.

Which AWS services are free? 1. Amazon EC2 Auto Scaling, CloudFormation, IAM 2. Amazon EC2, CloudFormation, IAM 3. Consolidated billing, EC2 Auto Scaling, NAT Gateway 4. IAM, Amazon S3, Outbound Data Transfer

Amazon EC2 Auto Scaling, CloudFormation, IAM This is correct, all of these services are free of charge. However you do pay for resources created by Auto Scaling and CloudFormation

Which service allows you to run Docker containers on AWS? 1. Amazon EC2 2. AWS Lambda 3. Amazon ECS 4. Amazon EBS

Amazon Elastic Container Service (ECS) is used to run Docker containers on AWS

Which AWS Service offers an NFS file system that can be mounted concurrently from multiple EC2 instances? 1. AWS Storage Gateway 2. Amazon Elastic File System 3. Amazon Elastic Block Store 4. Amazon Simple Storage Service

Amazon Elastic File System (Amazon EFS) provides a fully managed Network File System (NFS) file system for use with AWS Cloud services and on-premises resources. Amazon EFS supports the latest version of the Network File System (NFS) protocol, so the applications and tools that you use today work seamlessly with Amazon EFS. Multiple compute instances, including Amazon EC2, Amazon ECS, and AWS Lambda, can access an Amazon EFS file system at the same time, providing a common data source for workloads and applications running on more than one compute instance or server. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

A company is planning on implementing a chatbot into their web application. Which AWS service would best meet their needs? 1. Amazon Translate 2. Amazon Lex 3. Amazon Polly 4. Amazon Comprehend

Amazon Lex is a service for building conversational interfaces into any application using voice and text. You can use Amazon Lex to incorporate a chatbot into the company's web application.

Which service is good for running compute workloads for people who don't have technical expertise with AWS? 1. Amazon ECS 2. Amazon EC2 3. Amazon LightSail 4. AWS Lambda

Amazon LightSail is great for users who do not have deep AWS technical expertise as it make it very easy to provision compute services

Which of the following services offers Text-to-Speech (TTS) services? 1. Amazon Transcribe 2. Amazon Translate 3. Amazon Polly 4. AWS Rekognition

Amazon Polly turns text into lifelike speech.

What is the scope of an Amazon VPC? 1. A data center 2. A region 3. An availability zone 4. A subnet

An Amazon VPC is created within a region. You can created multiple VPCs within a region and there is a default VPC created in every AWS region by default

In order to implement best practices when dealing with a "Single Point of Failure," you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO) 1. Auto Scaling 2. Amazon Athena 3. Amazon EC2 4. ECR 5. ELB

AutoScaling & ELB You should attempt to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won't be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behavior. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention.

The principle "design for failure and nothing will fail" is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose TWO) 1. Penetration Testing 2. Multi-factor Authentication 3. Availability Zones 4. Vertical Scaling 5. Elastic Load Balancing

Availability zones & Elastic Load Balancing When designing your AWS Cloud architecture, you should make sure that your system will continue to run even if failures happen. You can achieve this by deploying your AWS resources in multiple Availability zones. Availability zones are isolated from each other; therefore, if one availability zone goes down, the other Availability Zones will still be up and running, and hence your application will be more fault-tolerant. In addition to availability zones, you can build a disaster recovery solution by deploying your AWS resources in other regions. If an entire region goes down, you will still have resources in another region able to continue to provide a solution. Finally, you can use the Elastic Load Balancing service to regularly perform health checks and distribute traffic only to healthy instances.

What is a defining feature of microservice applications? 1. Being tightly connected 2. Being loosely coupled 3. Their user interface, business logic, and data access layer are combined onto a single platform 4. Server-based computing

Being loosely coupled is a defining feature of microservice applications and allows them to recover from failures quicker.

Does Amazon CloudTrail permanently record all API activity in your account by default? Yes or No

By default Amazon CloudTrail only keeps 90 days of records. To keep records permanently you need to create a Trail and record events to an Amazon S3 bucket

Which service can be used for alerting if the CPU is heavily loaded on an EC2 instance? 1. Amazon CloudWatch 2. Amazon CloudTrail

CloudWatch CloudWatch is used for performance monitoring

What are the three fundamentals of pricing in AWS? 1. Compute, storage & inbound data transfer 2. Compute, database, and Internet connectivity 3. Compute, storage & outbound data transfer 4. Elasticity, agility and data transfer

Compute, storage and outbound data transfer are the three fundamentals of AWS pricing

Which of the following is NOT a cloud service model? 1. Infrastructure as a Service (Iaas) 2. Platform as a Service (PaaS) 3. Software as a Service (SaaS) 4. Computing as a Service (Caas)

Computing as a Service is not a cloud service model. However, Containers as a Service (CaaS) is a subset of PaaS with a focus on containers.

Select TWO examples of the AWS shared controls. 1. Data Center Operations 2. Configuration Management 3. VPC Management 4. IAM Management 5. Patch Management

Configuration Management & Patch Management Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ** Patch Management - AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. ** Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. ** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

How can a company migrate a database from Amazon EC2 to RDS without downtime? 1. Create an RDS read replica and then promote replica to master 2. Create a new database from an EBS snapshot 3. Migrate using the AWS Database Migration Service (DMS)

Context makes this one a bit easier! Just remember that DMS can migrate databases online without downtime and it supports many different source / destination options

According to the AWS Shared Responsibility model, who is responsible for configuring server-side encryption for Amazon S3? 1. AWS 2. Customer

Customer AWS are not responsible for configuring server-side encryption. It is up to customers to encrypt their data

According to the AWS Shared Responsibility model, who is responsible for operating system patching for Amazon EC2 instances? 1. AWS 2. Customer

Customer As a customer, you are responsible for installing patches on the operating systems of your EC2 instances

Which of the following needs to be considered in a Total Cost of Ownership (TCO) analysis? 1. Data Center operations costs 2. Application licensing costs 3. Company marketing campaign costs

Data Center operation costs You need to include all costs that are being incurred to run on-premises so you can compare costs to the AWS cloud

Best EC2 Price Use Case: Database with per-socket licensing

Dedicated Hosts

Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario? 1. Reserved Instances 2. On-demand Instances 3. Dedicated Instances 4. Dedicated Hosts

Dedicated Hosts provide additional control over your instances and visibility into Host level resources and tooling that allows you to manage software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server. This is why most BYOL scenarios are supported through the use of Dedicated Hosts, while only certain scenarios are supported by Dedicated Instances.

Best EC2 Price Use Case: Security-sensitive application; requires dedicated hardware; per-instance billing

Dedicated Instances

How does DynamoDB scale? Horizontal or Vertical

DynamoDB does scale horizontally

What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO) 1. Read Replicas 2. Automatic Patching 3. Edge Locations 4. AWS Regions 5. Multi-AZ Deployment

In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas provide a complementary availability mechanism to Amazon RDS Multi-AZ Deployments. You can promote a read replica if the source DB instance fails. You can also replicate DB instances across AWS Regions as part of your disaster recovery strategy. This functionality complements the synchronous replication, automatic failure detection, and failover provided with Multi-AZ deployments.

Which of the following will impact the price paid for an EC2 instance? (Choose TWO) 1. Instance Type 2. The Availability Zone where the instance is provisioned 3. Number of buckets 4. Number of private IPs 5. Load Balancing

Instance Type & Load Balancing EC2 instance pricing varies depending on many variables: - The buying option (On-demand, Savings Plans, Reserved, Spot, Dedicated) - Selected instance type - Selected Region - Number of instances - Load balancing - Allocated Elastic IP Addresses

Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO) 1. Managing the database settings 2. Patching the database software 3. Installing the database software 4. Building the relational database schema 5. Performing backups

Managing the database settings & Building the relational database schema Amazon RDS manages the work involved in setting up a relational database, from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover. Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. This means you're still responsible for managing the database settings that are specific to your application. You'll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application's workflow.

Best EC2 Price Use Case: Developer working on a small project for several hours; cannot be interrupted

On-Demand

Which pricing model is highly flexible with no long-term commitments or upfront payments? 1. Dedicated Instances 2. Spot instances 3. On-demand 4. Reservations

On-demand is the best option when you need the most flexibility. There are no long-term commitments or upfront payments.

What is an availability zone composed of? 1. A collection fo edge locations 2. A collection of VPCs 3. One or more DCs in a location 4. One or more regions

One or more data centers in a location Availability Zones are physically separate and isolated from each other. They are located in one or more data centers in a geographical area.

Which AWS support plan comes with a Technical Account Manager (TAM)? 1. Basic 2. Developer 3. Business 4. Enterprise

Only the enterprise support plan comes with a TAM

An application is being built that needs to identify faces in images. Which service can be used? 1. AWS Polly 2. AWS Lambda 3. AWS Rekognition

Rekognition can be used to detect faces in images

Best EC2 Price Use Case: Steady-state, business critical, line of business application; continuous demand

Reserved Instances

What is the difference between Amazon EC2 Savings Plans and Amazon EC2 Reserved instances?

Reserved Instances are a billing discount applied to the use of On-Demand Compute Instances in your account. These On-Demand Instances must match certain attributes, such as instance type and Region to benefit from the billing discount. For example, let say you have a t2.medium instance running as an On-Demand Instance and you purchase a Reserved Instance that matches the configuration of this particular t2.medium instance. At the time of purchase, the billing mode for the existing instance changes to the Reserved Instance discounted rate. The existing t2.medium instance doesn't need replacing or migrating to get the discount. After the reservation expires, the instance is charged as an On-Demand Instance. You can repurchase the Reserved Instance to continue the discounted rate on your instance. Reserved Instances act as an automatic discount on new or existing On-Demand Instances in your account. Savings Plans also offer significant savings on your Amazon EC2 costs compared to On-Demand Instance pricing. With Savings Plans, you make a commitment to a consistent usage amount, measured in USD per hour. This provides you with the flexibility to use the instance configurations that best meet your needs, instead of making a commitment to a specific instance configuration (as is the case with reserved instances). For example, with Compute Savings Plans, if you commit to $10 of compute usage an hour, you can use as many instances as you need (of any type) and you will get the Savings Plans prices on that usage up to $10 and any usage beyond the commitment will be charged On Demand rates.

Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests? 1. Security Groups 2. Network ACL 3. AWS X-Ray 4. VPC Flow Logs

Security Groups Security Groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Note: Network ACLs act at the subnet level, but security groups act at the instance level.

Which type of firewall operates at the instance level? 1. A security group 2. A network access control list (NACL) 3. A route table 4. A NAT Gateway

Security groups are considered to be instance-level firewalls

Best EC2 Price Use Case: Compute-intensive, cost-sensitive distributed computing; can withstand interruption

Spot Instances

Which pricing model is best suited for a batch computing workload that requires significant compute power and can be stopped at any time? 1. On-demand Instances 2. Dedicated Instances 3. Spot Instances 4. Reserved Instances

Spot Instances Spot instances are great for this type of workload. You can achieve significant discounts which will mean a big cost saving for such a compute intensive workload. You can be stopped at any time if AWS need the capacity back but that's OK for some batch workloads

Which storage classes are available for the Amazon Elastic File System? 1. Standard, Provisioned Throughput 2. Standard, Deep Archive 3. Standard, Infrequent Access Storage 4. Standard, One-Zone IA

Standard, Infrequent Access Storage

What is the best tool for an organization to compare the cost of running on-premises to using the AWS Cloud? 1. Cost Explorer 2. Simple Monthly Calculator 3. TCO Calculator 4. Trusted Advisor

TCO Calculator The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premise data center

What can you use to assign metadata to AWS resources for cost reporting? 1. Labels 2. Tags 3. ARNs 4. Templates

Tags and resource groups are great tools for assigning metadata to AWS resources and then being able to group resources that share one or more tags

Which AWS policy defines the prohibited uses of the AWS Cloud? 1. AWS End User Policy 2. AWS Cloud Policy 3. AWS Acceptable Practices Policy 4. AWS Acceptable Use Policy

The AWS Acceptable Use Policy describes the prohibited uses of AWS

Which tool can an IT manager use to forecast costs over the next 3 months? 1. AWS Organizations 2. AWS TCO Calculator 3. AWS Cost Explorer 4. Amazon CloudWatch

The AWS Cost Explorer is a free tool that allows you to view charts of your costs. You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months

Which of the following services is global in scope? 1. AWS Identity and Access Management (IAM) 2. Amazon Elastic Compute Cloud (EC2) 3. Amazon Relational Database Service (RDS) 4. AWS Lambda

The AWS IAM service is a global service which means you create your users, groups, roles and policies in one place

Which type of Elastic Load Balancer routes connections based on IP protocol data at layer 4 only? 1. Classic Load Balancer 2. Network Load Balancer 3. Application Load Balancer

The NLB operates at layer 4 of the OSI model only, routing connections based on IP protocol data

What is the main credential for an AWS root account? 1. Administrator 2. root 3. The email address used to create the account 4. the account number

The account root user credential is the email address used to create the account and a password

Which type of Elastic Load Balancer can direct traffic based on the domain name? 1. Classic Load Balancer 2. Network Load Balancer 3. Application Load Balancer 4. Amazon EC2 Load Balancer

The application load balancer can do host-based routing which means it can direct traffic based on information in the host header such as a domain name

What does ARN stand for? 1. Amazon Region Number 2. Amazon Region Name 3. Amazon Resource Number 4. Amazon Resource Name

This is the correct answer, an Amazon Resource Name (ARN) is associated with entities such as users and groups

A company recorded some support call conversations in mp4 files. How can the company extract the audio into a text document? 1. Use Amazon Translate 2. Use Amazon Polly 3. Use Amazon Transcribe

Transcribe can extract audio to text

Which statement is correct with regards to AWS service limits? (Choose TWO) 1. Each IAM user has the same service limits 2. The Amazon Simple Email Service is responsible for sending email notifications when usage approaches a service limit 3. There are no service limits on AWS 4. You can use the AWS Trusted Advisor to monitor your service limits 5. You can contact AWS support to increase the service limits

Understanding your service limits (and how close you are to them) is an important part of managing your AWS deployments - continuous monitoring allows you to request limit increases or shut down resources before the limit is reached. One of the easiest ways to do this is via AWS Trusted Advisor's Service Limit Dashboard. AWS maintains service limits for each account to help guarantee the availability of AWS resources, as well as to minimize billing risks for new customers. Some service limits are raised automatically over time as you use AWS, though most AWS services require that you request limit increases manually. Most service limit increases can be requested through the AWS Support Center by choosing Create Case and then choosing Service Limit Increase.

An access key ID and secret access key is associated with which IAM entity? 1. User 2. Group 3. Role 4. Policy

User An access key ID and secret access key is associated with a user and is used for granting programmatic access using the CLI or API

How can you run commands on an Amazon EC2 instance at launch time? 1. With metadata 2. With user data 3. With a container 4. With a snapshot

User data can be run at instance launch time. You can use it to run commands

With Amazon Virtual Private Cloud (VPC) what must you pay for? 1. Internet Gateway 2. Route Table 3. Security Group 4. VPN Connection

VPN Connections

Which of the following is NOT a limitation of scaling vertically? 1. Can reach a limit of maximum instance size 2. Often requires manual intervention 3. Requires a load balancer for distributing load 4. Typically requires downtime

Vertical scaling does not require a load balancer for distributing load This is not the case. When scaling EC2 instances horizontally you need a load balancer

If using a well written templates, how can Amazon CloudFormation assist with building secure environments? 1. It does not require privileged access 2. It ensures consistent builds when building repeatably 3. The responsibility is shared with AWS

When using a well-written template file that secures your resources well, you can then repeatably use the same template to ensure all environments built from the template are secure

Which of the following is a benefit of API-driven services? 1. You can programmatically and dynamically launch resources 2. You can define services through the AWS management console 3. You get greater fault tolerance 4. Increased reliability

With API driven cloud services you can programmatically and dynamically launch resources

Which AWS pricing feature can be used to take advantage of volume pricing discounts across multiple accounts? 1. Consolidated Billing 2. TCO Calculator 3. Enterprise Agreement 4. Cost Explorer

With Consolidated billing you can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts

Which type of public IP address is retained when the instance is stopped? 1. Public IP address 2. Private IP address 3. Elastic IP address 4. Local IP address

With Elastic IP addresses, the address is retained when the instance is stopped. Remember that you do pay for unused Elastic IP addresses

Which IAM entity can be used to delegate permissions? 1. User 2. Group 3. Role 4. Policy

You can delegate permissions using roles. It's a great way to provide permissions to resources for users and services without using permanent credentials. You delegate using a role and you define permissions to the role through a policy

What is AWS' policy regarding penetration testing?

You can now perform penetration testing against several services without approval

In case of account compromise, which of the following actions should you perform? 1. Delete all IAM users 2. Delete all resources in your account 3. Open a support case with AWS 4. Immediately close your account

You should always respond to any notifications you received from AWS through the AWS Support Center and/or contact AWS Support to open a support case

Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose TWO) 1. Amazon Simple Storage Service 2. Amazon DynamoDB 3. Amazon Redshift 4. AWS Snowball 5. Amazon EBS

he Multi-AZ principle involves deploying an AWS resource in multiple Availability Zones to achieve high availability for that resource. DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid-state disks (SSDs) and is automatically replicated across multiple Availability Zones in an AWS Region, providing built-in fault tolerance in the event of a server failure or Availability Zone outage. Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Data in all Amazon S3 storage classes is redundantly stored across multiple Availability Zones (except S3 One Zone-IA).

You have launched a training job but it fails after a few minutes. What is the first thing you should do for troubleshooting?

All errors in a training job will be logged in CloudWatch, so that should be your first stop to determine the cause of what the failure might be.

Which of the following AWS services integrates with AWS Shield and AWS Web Application Firewall (AWS WAF) to protect against network and application layer DDoS attacks? 1. AWS Systems Manager 2. AWS Secrets Manager 3. Amazon CloudFront 4. Amazon EFS

Amazon CloudFront, AWS Shield, and AWS Web Application Firewall (AWS WAF) work seamlessly together to create a flexible, layered security perimeter against multiple types of attacks including network and application layer DDoS attacks. These services are co-resident at the AWS edge location and provide a scalable, reliable, and high-performance security perimeter for your applications and content.

Which of the following services is used when encrypting EBS volumes? 1. Amazon GuardDuty 2. AWS WAF 3. Amazon Macie 4. AWS KMS

Amazon EBS encryption offers a straight-forward encryption solution for your EBS volumes that does not require you to build, maintain, and secure your own key management infrastructure. You can configure Amazon EBS to use the AWS Key Management Service (AWS KMS) to create and control the encryption keys used to encrypt your data. AWS Key Management Service is also integrated with other AWS services including Amazon S3, and Amazon Redshift, to make it simple to encrypt and decrypt your data.

When you issue a CreateModel API call using a built-in algorithm, which of the following actions would be next?

CreateModel API call is used to launch an inference container. When using the built-in algorithms, SageMaker will automatically reference the current stable version of the container.

A company is looking for a computing solution that gives them control over the operating system and instance type. They're looking for a service that only charges for what they use. Which of the following would you recommend they use? 1. Amazon Fargate 2. Docker Container Image 3. EC2 4. Lambda

EC2

AWS EC2 Auto Scaling provides which type of scaling? Horizontal or Vertical

EC2 Auto Scaling provide horizontal scaling by launching and terminating additional EC2 instances

Which of the following statements is INCORRECT about Elastic Load Balancing? 1. ELB can distribute connections across availability zones 2. ELB can be internet facing 3. ELB enables high availability and fault tolerance 4. ELB can distribute connections across regions

ELB cannot distribute connections across regions, only availability zones. To direct traffic across regions use Amazon Route 53

How does Elastic Load Balancing (ELB) assist with fault tolerance? 1. By distributing connections to multiple back-end instances 2. By directing traffic according to latency 3. By caching content closer to users 4. By automatically launching instances

ELB distributes connections to multiple back-end instances and this means your application is fault tolerant. You should couple this with Auto Scaling to ensure the right number of back-end instances are available

Which of the below options is a best practice for making your application on AWS highly available? 1. Rewrite the application code to handle all incoming requests 2. Deploy the application code on at least 2 servers in the same Availability zone 3. Use Elastic Load Balancing (ELB) across multiple AWS Regions 4. Deploy the application to at least two Availability Zones

Each AWS Region contains multiple distinct locations, or Availability Zones. Each Availability Zone is engineered to be independent from failures in other Availability Zones. Deploying your application to multiple Availability Zones will increase the availability of your application. If one availability zone encounters an issue, the other availability zones can still serve your application.

What is an AWS Region composed of? 1. 2 or more Virtual Private Clouds (VPCs) 2. Two or more availability zones 3. At least one availability zone 4. A collection of EC2 instances

Every region has at least 2 availability zones which are composed of one or more data centers

What type of information does VPC peering use to route traffic from one VPC to another? 1. Security groups 2. Public IP addresses 3. ARN (Amazon Resource Name) 4. Private IP addresses

Private IP addresses (IPv4 or IPv6) are what VPC peering uses to route traffic from one VPC to another.

Which architectural best practice aims to reduce interdependencies between application components? 1. Automation 2. Services, not Servers 3. Removing Single Points of Failure 4. Loose Coupling

Loose Coupling Design IT systems to reduce interdependencies. A change or a failure in one component should not cascade to other components

In a binary classification problem, you observe that precision is poor. Which of the following most contribute to poor precision?

Precision is defined as the ratio of True Positives over the sum of all Predicted Positives, which includes correctly labeled trues and those that we predicted as true but were really false (false positives). Another term for False Positives is Type I error.

For managed services like Amazon DynamoDB, which of the below is AWS responsible for? (Choose TWO) 1. Protecting credentials 2. Logging access activity 3. Creating access policies 4. Operation system maintenance 5. Patching database software

Operating system maintenance & patching the database software AWS has increased responsibilities for its managed services. Examples of managed services include Amazon DynamoDB, Amazon RDS, Amazon Redshift, Amazon Elastic MapReduce, and Amazon WorkSpaces. These services provide the scalability and flexibility of cloud-based resources with less operational overhead because AWS handle basic security tasks like guest operating system (OS) and database patching, installing antivirus software, backup, and disaster recovery. For most managed services, you only configure logical access controls and protect account credentials, while maintaining control and responsibility of any personal data.

Which services does Amazon Route 53 provide? 1. Domain Registration, DNS, firewall protection 2. Health checking, DNS, domain registration 3. Health checking, DNS, IP routing 4. Domain registration, DNS, content distribution

Health checking, DNS, domain registration

What does Elastic Load Balancing use to ensure instances are available? 1. EC2 Status Checks 2. CloudWatch Metrics 3. Scaling Plans 4. Health Checks

Health checks are used by ELB to check that an instance is available and healthy

Which architectural benefit of the AWS Cloud assists with lowering operational cost? 1. Higher-level managed services 2. Horizontal scaling 3. Loose coupling 4. Design for failure

Higher-level managed services You can lower operational cost by leveraging managed storage, database, analytics, application and deployment services

Which type of scaling does an Amazon Read Replica provide? Horizontal or Vertical

Horizontal By offloading reads to another RDS instance you are using horizontal scaling

Best EC2 Price Use Case: Reporting application, runs for 6hrs/day or 4 days a week

Scheduled Reserved

We are running a training job over and over again using slightly different, very large datasets as an experiment. Training is taking a very long time with your I/O-bound training algorithm and you want to improve training performance. What might you consider?

The combination of using the protobuf recordIO format and pipe mode will result in improved performance for I/O-bound algorithms because the data can be streamed directly from S3 versus having to be first copied to the instance locally.

We are using a CSV dataset for unsupervised learning that does not include a target value. How should we indicate this for training data as it sits on S3?

To run unsupervised learning algorithms that don't have a target, specify the number of label columns in the content type. For example, in this case 'text/csv;label_size=0'

You want to be sure to use the most stable version of a training container. How do you ensure this?

When specifying a training or inference container, use the :1 tag at the end of the path to use the stable version. If you want the latest version, use :latest but that might not be backward compatible.

You are preparing for a first training run using a custom algorithm that you have prepared in a docker container. What should you do to ensure that the training metrics are visible to CloudWatch?

When using a custom algorithm, you need to ensure that the desired metrics are emitted to stdout output. You also need to include the metric definition and regex expression for the metric in the stdout output when defining the training job.


Kaugnay na mga set ng pag-aaral

NCLEX chpt 59 immune problems practice questions

View Set

Chapter 20 & 21: Energy Alternatives

View Set

Myocardial Infarction, Nurs 3, Unit 5+kahoots

View Set

AP Psych: Motivation and Emotion

View Set

ATI Pharmacology Practice A, ATI PHARM: practice B

View Set