AWS understanding
You are launching an application that uses Fargate and EC2 instances for 1 year with very little to no downtime. What is the most cost-effective pricing option that still meets these requirements?
A Savings Plan. A Savings Plan can provide up to a 72% discount on on-demand pricing when you make a commitment and can be spread across different compute services like EC2s and containers.
Which of the following best describes an AWS Availability Zone?
A collection of data centers that are spread evenly around a specific location Availability Zones are groups of data centers in one area.
You are setting up new policies in IAM and need to include very specific permissions on several services that do not belong to an Organization. Which of the following can accomplish this?
A custom policy A custom policy will let you get as fine-grained as is necessary.
Who is responsible of managing storage and database in AWS Cloud?
AWS
What is AWS EC2?
AWS EC2 is a virtual server in the AWS Cloud
How is called a service that lets you run code without needing to think about servers?
AWS Lambda
What does AWS marketplace allows you to do?
AWS Marketplace lets you finish and sell software
Which AWS database service provides historical data of your application changes?
AWS Quantum Ledger Database
You need to ensure that the access keys for your IAM users are automatically rotated. Is this AWS's responsibility or yours?
Access key rotation is the customer's responsibility. An access key rotation schedule must be configured by the customer and involves several services to accomplish.
Which database is ideal for large organizations and enterprises?
Amazon Aurora
An on-premises application requires a consistent, high-speed connection to the AWS cloud environment that is better than an internet-based connection and supports a hybrid deployment model. Which AWS service can provide this connection?
Direct Connect. Direct Connect is a private (bypasses the public internet), dedicated physical network connection from your on-premises data center to AWS. Since the connection is private, it is extremely fast.
Your company is interested in migrating to the cloud and wants to ensure that they can protect their data long term. Which cloud benefit does this describe?
Durability. Durability is all about long-term data protection — meaning, keeping your data intact without corruption.
In which of the following is CloudFront content cached?
Edge locations. Edge locations consist of over 200+ points of presence around the world that provide fast entry into Amazon's global network. Because of how widespread they are, users can connect to their nearest edge location and have their traffic sent through Amazon's fast global network to reach the resources it needs sooner. This is how CloudFront's caching mechanism works. There are far less Availability Zones and Regions than edge locations, which is why CloudFront does not use them for caching content.
Your company requires that all services used in AWS are managed. Which of the following are managed services?
Elastic Container Service (ECS) ECS is a fully managed service, meaning all of the instances it launches are managed by AWS. You just specify the configuration you require.
You are launching an application and need to use containers. Your team primarily uses Docker. Which container service do you need to use?
Elastic Container Service. Elastic Container Service (ECS) supports Docker.
You are launching an application and need to use containers. Your team primarily uses Kubernetes. Which container service do you need to use?
Elastic Kubernetes Service Elastic Kubernetes Service (EKS) supports Kubernetes.
Your company has asked if you are encrypting data at rest. What do they mean?
Encryption at rest guarantees that data is encrypted while it is stored. Encryption at rest is the protection of data that is stagnant.
Denial of Service (DoS) attacks come from different sources
False
Your company requires that all services used in AWS are managed. Which of the following are managed services?
Fargate. Fargate is a fully managed service, meaning all of the instances it launches are managed by AWS; you just specify the configuration you require.
Which perspective of the AWS Cloud Adoption Framework focuses on minimizing the business risks?
Governance perspective
Your company is running an audit on IAM rolse and S3 buckets access. Which service can be used to help you discover which roles and buckets allow external access?
IAM Access Analyzer IAM Access Analyzer helps to streamline permissions management throughout the continuous cycle of access management to achieve least privilege.
How would you run a command on several EC2 instances at the same time from the AWS Management Console?
Identity and Access Management (IAM) IAM allows you to create and manage access for users.
How would you create and manage access keys for users that need to access AWS services from the AWS Command Line Interface (CLI)?
Identity and Access Management (IAM) IAM allows you to create and manage access keys for an IAM user.
How would you create and manage access for users who are accessing AWS services from the AWS Management Console?
Identity and Access Management (IAM). IAM allows you to create and manage access for users.
You need to implement appropriate access levels based on the roles of users on your team. What service can you use to create and manage this access?
Identity and Access Management (IAM). IAM is a service that enables you to manage access to AWS resources.
You need to implement a virtual firewall for your EC2 instances. What is the EASIEST way to do this?
Implement security groups. Security groups act as virtual firewalls for EC2 instances.
You are having trouble finding a solution to an S3 object replication issue on your Developer-level account. Where can you find some help?
Knowledge Center. The AWS Knowledge Center is accessible by anyone and includes articles and videos covering the most frequent questions and requests sent to AWS.
You need to update files in S3 every time there is a change made to a CloudFormation template. Which service can accomplish this?
Lambda Lambda is a compute service that can be triggered to run tasks up to 15 minutes long including updating files in S3.
Your company needs to stream data using Apache Kafka. Which AWS service can provide this ability?
Managed Streaming for Apache Kafka (MSK) Snowcone can easily migrate terabytes of data and each device is $60 plus shipping.
Several EC2 instances in a private subnet need internet access. What can you implement to provide them with internet access?
NAT gateway The NAT gateway resides in a public subnet, but it helps to provide internet access to instances in private subnets.
You need to patch several EC2 instances in a private subnet. What can you implement to provide them with internet access outside the subnet?
NAT gateway The NAT gateway resides in a public subnet, but it helps to provide internet access to instances in private subnets.
Which AWS service provides an additional layer of security at the subnet level?
Network Access Control Lists (NACLs). NACLs provide security at the subnet level and are stateless.
Your RDS instances need to be patched after the latest vulnerability fix was released. Is this your responsibility?
No, AWS will patch the underlying infrastructure that hosts the RDS service. AWS automatically patches RDS instances as it is an AWS managed service.
Your company needs to perform interactive log analytics and searches. What service can accomplish this?
OpenSearch OpenSearch allows you to perform interactive log analytics, real-time application monitoring, website searches, and more.
In regards to the Cloud Adoption Framework, what perspective do Workforce Transformation and Organization Alignment fall under?
People. The People perspective focuses on creating a bridge between technology and the business.
You need an AWS service that can turn text into speech for an audiobook you are working on. Which service would you choose?
Polly Polly is a service that allows you to turn text into lifelike speech.
You need to implement a data warehouse that can handle structured and semi-structured data. Which AWS service would you use?
Redshift Redshift is a petabyte-scale data warehouse that uses SQL to analyze structured and semi-structured data across data warehouses, operational databases, and data lakes.
You need to store a collection of objects that can also be accessed from a different AWS Region. Which service should you use to do this?
S3 S3 allows you to access objects from anywhere in the world - as long as the appropriate permissions are set!
You need to store file in S3, but you need to be able to access them like a file system from your EC2 instances. Which AWS service would you use?
S3 File Gateway (Mountpoint) S3 File Gateway, also known as Mountpoint, allows your objects stored in S3 to be accessed as a local file system.
A developer doesn't want to hardcode the database password in their application code when developing a new application. Which service will help with accessing the password without having to hardcode it?
Secrets Manager Secrets Manager allows you to manage and retrieve secrets (passwords or keys).
Your company has multiple AWS accounts and wants you to provide a centralized view of security alerts and compliance status. Which service can do this for you?
Security Hub. Security Hub is a cloud security posture management service that checks your accounts against best practices set by the AWS Foundational Security Best Practices, CIS, and PCI benchmarks.
Which AWS service acts as a stateful virtual firewall?
Security groups Security groups add security at the instance level and are stateful.
You need to limit permissions across an Organization. What feature can provide this for you?
Service control policies (SCPs) AWS Organizations SCPs apply across all AWS accounts in an Organization and can sometimes be the blocker for users.
You are improving your current architecture, which incorporates tight coupling in the application. Which service can be used to promote loose coupling and asynchronous messaging?
Simple Queue Service (SQS) SQS is a message queuing service that allows you to build loosely coupled systems with asynchronous messaging and integration.
A financial company needs to migrate large amounts of data, at an exabyte scale, to AWS. Which AWS service can perform this type of migration?
Snowmobile. Snowmobile is able to migrate exabytes of data using a 45-foot shipping container to move your data.
Your company is launching EC2 instances and will need them for one year with very little to no downtime. What is the cheapest pricing option that still meets their requirements?
Standard Reserved Instances (RI) Reserved Instances can provide up to a 72% discount on on-demand pricing when you make a commitment and meet the requirements listed.
You want to ensure that all EC2 instances are patched overnight every week. Which AWS service can help you achieve this?
Systems Manager While Systems Manager offers some configuration management capabilities, it is not designed for configuration compliance assessment.
A customer has noticed several of their AWS accounts were hacked and used to mine bitcoin. Who is the BEST team to report the issue to?
The AWS Trust & Safety team The customer should contact the AWS Trust & Safety team using the form or email.
AWS Elastic Beanstalk is a service that manages web infrastructure
True
You need to implement a high-performance MySQL database. Which AWS service would you use?
Aurora Aurora is a high-performance managed relational database that supports MySQL and PostgreSQL databases.
Your company wants to move 50 of their databases into the cloud with as little downtime as possible. What service can accomplish this?
Database Migration Service (DMS) DMS can securely migrate over a million databases with minimal downtime.
You have been tasked with implementing encryption on your Elastic Block Store volumes. What services provides encryption for those volumes?
1.Amazon EBS Elastic Block Store (EBS) can be configured to encrypt volumes as you create them, as a rule in your account, or when you copy an existing volume. 2.AWS KMS Key Management Service (KMS) generates the keys used to encrypt the EBS volumes.
Which of the following are included in the Cloud Adoption Framework's Governance perspective?
1.Application portfolio ,anagement The Governance perspective focuses on minimizing transformation-related risks like managing application portfolios. 2.Cloud financial management The Governance perspective focuses on maximizing organizational benefits like cloud financial management.
You are running a website that experiences high traffic during certain periods of the day. You want to ensure optimal performance and cost efficiency. Which AWS service should you use?
1.CloudFront CloudFront can be used to allow users to access website content faster and cut costs of requests to and from instances. 2.Application Load Balancer Using a load balancer will help balance traffic across multiple instances, optimizing performance of those instances. 3.EC2 with Auto Scaling groups EC2 instances can host the website, and the Auto Scaling group can ensure that the amount of instances grows and shrinks with the traffic levels.
You have been tasked with optimizing EC2 instances and the usage across your account. Which of the following can help you do this?
1.Compute Optimizer Compute Optimizer can provide recommendations on how to optimize the use of your EC2 instance types based on utilization data. 2.Trusted Advisor Trusted Advisor can be used to provide recommendations on how to optimize instances for cost.
Which of the following is an action that can be taken by a root user?
1.Creating a MySQL database The root user has the most permissions and users can add resources as long as they have the correct permissions set up in the IAM service. That being said, you should not be using the root user for daily tasks! 2.Adjusting password requirements 3.Deleting your AWS account The root user is the only user that can delete your AWS account.
A company is considering a fully serverless architecture. Which AWS services should the company consider using when building applications?
1.DynamoDB. DynamoDB is a fully managed database service so you do not have any servers to manage. 2.Lambda. Lambda is a serverless compute service that uses functions to run code for tasks under 15 minutes. 3.Fargate. Fargate is a serverless container option.
You are selecting the support level you need in AWS. You only need service quotas, basic security Trusted Advisor checks. You do not need chat or phone support. What level of support meets these requirements?
1.Enterprise. Enterprise support level is the highest support level and includes everything from Technical Account Management, concierge-like billing support, and Incident Detection and Response. 2.Developer. Developer-level support only includes service quota and basic security Trusted Advisor checks and no phone or chat support.
You need to launch a temporary test environment quickly and have several tasks trigger other tasks. Which services can accomplish this?
1.Lightsail. Lightsail can quickly launch small projects, like a test environment or preconfigured WordPress websites. 2.Lambda. Lambda is a compute service that can be triggered to run tasks up to 15 minutes long.
A company is using Trusted Advisor to ensure they are following AWS best practices. What real-time guidance does Trusted Advisor provide?
1.Low utilization on EC2 instances Trusted Advisor checks this for all customers. 2.Open-access permissions for S3 buckets Trusted Advisor checks Amazon S3 buckets for open-access permissions, which allow anyone to access the bucket's contents. It also checks for bucket policies that might override these permissions, giving unintended users access to the bucket. 3.Exposed access keys Trusted Advisor checks this for Enterprise and Business Support customers.
The benefits of cloud computing include which of the following?
1.No data center spend. You can focus on building your applications instead of managing hardware, as you do not own the data center being used. 2.Stop guessing capacity. Because the cloud is elastic, your capacity is matched exactly to your demand.
You have been tasked with creating an environment and you have to use a JSON template to adhere to the company rules. What service allows you to do this?
CloudFormation CloudFormation lets you provision resources with a single template and is known as infrastructure as Code (IaC) using languages like YAML and JSON.
You need to monitor your EC2 instances and receive notifications when their CPU usage is above 80%. What service can do this for you?
CloudWatch CloudWatch collects data in real time and provides the ability to send notifications through Simple Notification Service when a threshold you set is crossed.
Your company is migrating into the cloud and needs to provide users with a way to federate into AWS. What service can help with this?
Cognito. Cognito can allow users access to AWS resources using federation through third-party sources like Google, Facebook, etc.
Your company needs to migrate into AWS and wants to have a contact center that can scale. What service can be implemented to accomplish this?
Connect Connect is an easy-to-use cloud contact center and can scale to support millions of customers.
Your company needs to migrate into AWS. They are preparing to create a contact center for users to call if they have issues with the website. What service can be implemented to accomplish this?
Connect Connect is an easy-to-use cloud contact center and can scale to support millions of customers.
You are using an Amazon RDS database in the AWS cloud. You want to estimate the monthly costs of running this database. Which AWS service can help you with this estimation?
Cost Explorer AWS Cost Explorer provides detailed cost estimates for AWS services, including Amazon RDS.
You are using several services to keep your application up and running in AWS. You want to view the monthly costs of running your application. Which AWS service can help you with this?
Cost Explorer. AWS Cost Explorer provides detailed costs for AWS services and provides a color-coded breakdown of where charges are coming from.
Your company wants you to encrypt data stored in EBS volumes. What best describes the data?
Data stored in EBS volumes is data at rest. Data at rest is data that is stagnant like data stored in EBS volumes, S3, or databases.