CMIT 326 Cloud Tech final exam 1
Which service would you use to send alerts based on Amazon CloudWatch alarms? A) Amazon Simple Notification Service (Amazon SNS) B) AWS CloudTrail C) AWS Trusted Advisor D) Amazon Route 53
(A) Amazon Simple Notification Service (Amazon SNS)
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? A) Amazon CloudWatch B) AWS CloudTrail C) AWS X-Ray D) AWS Identity and Access Management (AWS IAM)
(B) AWS CloudTrail
Which AWS service would simplify migration of a database to AWS? A) AWS Storage Gateway B) AWS Database Migration Service (AWS DMS) C) Amazon Elastic Compute Cloud (Amazon EC2) D) Amazon AppStream 2.0
(B) AWS Database Migration Service (AWS DMS)
How would a system administrator add an additional layer of login security to a user's AWS Management Console? A) Use AWS Cloud Directory B) Audit AWS Identity and Access Management (IAM) roles C) Enable Multi-Factor Authentication D) Enable AWS CloudTrail
(C) Enable Multi-Factor Authentication
Where can a customer find information about prohibited actions on AWS infrastructure? A) AWS Trusted Advisor B) AWS Identity and Access Management (IAM) C) AWS Billing Console D) AWS Acceptable Use Policy
(D) AWS Acceptable Use Policy
Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment? A) AWS Config B) AWS OpsWorks C) AWS SDK D) AWS Marketplace
(D) AWS Marketplace
Which AWS networking service enables a company to create a virtual network within AWS? A) AWS Config B) Amazon Route 53 C) AWS Direct Connect D) Amazon Virtual Private Cloud (Amazon VPC)
(D) Amazon Virtual Private Cloud (Amazon VPC)
Which AWS Cost Management tool allows you to view the most granular data about your AWS bill
(Not Sure) AWS Cost and Usage report
How should a customer forecast the future costs for running a new web application
(Not Sure) AWS Simple Monthly Calculator, AWS Cost and Usage report
Which of the following steps should be taken by a customer when conducting penetration testing on AWS
(Not Sure) Request and wait for approval from AWS support, and then conduct testing, Request and wait for approval from the customer's internal security team, and then conduct testing
Which task is AWS responsible for in the shared responsibility model for security and compliance
(Not Sure)Encrypting data in transit, Updating Amazon EC2 host firmware
You have an application composed of individual services and you need to route a request to a service based on the content of the request. What type of load balancer should you use? a) Application Load Balancer b) Classic Load Balancer c) Network Load Balancer d) VPN Load Balancer
(a) Application Load Balancer
How is storage typically priced on AWS Cloud? a) Charged per GB b) Charged per hour or second c) Charged by instance type d) Charged by speed of transfer
(a) Charged per GB
Which of the following defines the AWS Command Line Interface (AWS CLI)? a) A suite of utilities that can be launched from a command program in Linux, macOS, or Windows. b) A systematic approach to evaluating and implementing architectures. c) Packages that enable access to AWS in a variety of programming languages. d) A rich graphical interface to a majority of the features offered by AWS.
(a)A suite of utilities that can be launched from a command program in Linux, macOS, or Windows.
Which of the following is a responsibility of the customer according to the shared responsibility model? a) Physical security of the facilities in which the services operate b) AWS Identity and Access Management (IAM) c) Protection of the global infrastructure d) Availability of third-party audit reports
(b) AWS Identity and Access Management (IAM)
Which AWS service is a managed DDoS protection service that safeguards applications running on AWS? a) AWS Identity and Access Management b) AWS Shield c) Amazon Inspector d) Amazon CloudWatch
(b) AWS Shield
Which service sends notifications or automatically makes changes to the resources being monitored based on rules you established? a) Elastic Load Balancing b) Amazon CloudWatch c) Amazon EC2 d) Amazon Aurora
(b) Amazon CloudWatch
Which of the following instance types provides you with a significant discount compared to On—Demand Instance pricing? a) Amazon EC2 Instant Instances b) Amazon EC2 Reserved Instances c) Amazon EC2 Dedicated Instances d) Amazon EC2 Dedicated Hosts
(b) Amazon EC2 Reserved Instances
Which components of the AWS infrastructure can be described as multiple, isolated locations within one geographic area? a) S3 Buckets b) Availability Zones c) Regions d) Edge Locations
(b) Availability Zones
You have been tasked with distributing a newsletter that will be pushed out to administrators by email. Which of the following is the best solution? a) Store the newsletters in an Amazon Simple Storage Service (Amazon SB) bucket and distribute them with AWS Cloudtrail. b) Create a topic in Amazon Simple Notification Service (Amazon SNS) that administrators can subscribe to. c) Create a messaging queue in Amazon CloudFront. d) Route the newsletters to an Amazon ElastiCache store
(b)Create a topic in Amazon Simple Notification Service (Amazon SNS) that administrators can subscribe to.
Which of the following is a managed Distributed Denial of Service (DDoS) protection service? a) AWS Identity and Access Management (IAM) b) Amazon Inspector c) AWS Shield d) AWS Trusted Advisor
(c) AWS Shield
Your company is developing a critical application, and the security of the application is one of the top priorities. Which of the following AWS services will provide recommendations for security optimization for your infrastructure? a) Amazon Aurora b) Amazon CloudWatch c) AWS Trusted Advisor d) Amazon Inspector
(c) AWS Trusted Advisor
Which of the following tasks is the customer's responsibility when creating Amazon VPC security groups? a) Selecting an appropriate load balancing strategy for the network routers. b) Choosing the level of physical security for the network. c) Adding rules regarding inbound traffic to the security group. d) Ensuring that the security groups are linked to Amazon EC2.
(c) Adding rules regarding inbound traffic to the security group.
Which service provides persistent block storage volumes for use with Amazon EC2 instances? a) Amazon S3 b) Amazon DynamoDB c) Amazon EBS d) Amazon EFS
(c) Amazon EBS
What is Elastic Load Balancing? a) Automatically stopping traffic when targets are overloaded b) Automatically monitoring traffic to ensure that costs are kept beneath a specified threshold c) Automatically distributing traffic across multiple targets d) Automatically slowing traffic to decrease latency
(c) Automatically distributing traffic across multiple targets
What is Amazon Route 53? a) A monitoring and management service that collects and tracks metrics b) A fast and flexible nonrelational database service for all applications that need consistent, single—digit millisecond latency at any scale c) A cloud service solution that establishes private connectivity between AWS and your data center, office, or colocation environment d) A highly available and scalable Domain Name System (DNS) web service
(d) A highly available and scalable Domain Name System (DNS) web service
Who is responsible for security of the cloud according to the shared responsibility model? a) IAM roles b) Customer c) AWS Support d) AWS
(d) AWS
Which of the following services provides you with data and actionable insights to monitor your applications, understand and respond to system—wide performance changes, optimize resource utilization, and get a unified view of operational health? a) AWS CloudTrail b) AWS Cloud9 c) AWS CloudFormation d) Amazon CloudWatch
(d) Amazon CloudWatch
Which component of the AWS global infrastructure supports the caching of content for faster access? a) Regions b) AWS Direct Connect locations c) Availability Zones d) Edge locations
(d) Edge locations
Which of the following components is included in the value proposition of the AWS Cloud? a) Physical relocation of your servers b) Fully independent development without parameters c) Informal security restrictions d) Massive economies of scale
(d) Massive economies of scale
Which of the following is a best practice for adding an additional layer of security when logging into the AWS Management Console? a) Secondary password b) Root access permissions c) Secondary user name d) Multi-factor authentication (MFA)
(d) Multi-factor authentication (MFA)
Which of the following options describes the most common AWS billing model? a) Pay in advance b) Annual billing c) Daily billing d) Pay as you go
(d) Pay as you go
Which category of services includes Amazon S3? a) Migration b) Security c) Computing d) Storage
(d) Storage
With Amazon Virtual Private Cloud (Amazon VPC), what is the maximum size IP address range you can have in a VPC? (Select the best answer.)
/16
With Amazon Virtual Private Cloud (Amazon VPC), what is the smallest size subnet you can have in a VPC? (Select the best answer.)
/28
Which of the following usage will always be cost-free even after your account's Free Tier has expired? (Select TWO.)
10 GB of data retrievals from Amazon Glacier per month, 10 custom monitoring metrics and 10 alarms on Amazon CloudWatch
Which of the following is a valid CIDR for a VPC or subnet?
10.0.0.0/28
You are a solutions architect who works at a large retail company that is migrating its existing infrastructure to AWS. You recommend that they use a custom VPC. When you create a VPC, you assign it to an IPv4 Classless Inter-Domain Routing (CIDR) block of 10.0.1.0/24 (which has 256 total IP addresses). How many IP addresses are available? (Select the best answer.)
251
On how many continents are CloudFront edge locations distributed?
6
What are two differences between a virtual private network (VPN) connection and a Direct Connect connection? (Select TWO.)
A Direct Connect connection offers predictable latency because it doesn't traverse the internet. B. A VPN connection uses the internet for transport.
What is true about Regions?
A Region is a physical location that has multiple Availability Zones., Each Region is located in a separate geographic area.
d
A client application requires operating system privileges on a relational database server. What is an appropriate configuration for highly available database architecture? a. A standalone Amazon EC2 instance b. Amazon RDS in a Multi-AZ configuration c. Amazon EC2 instances in a replication configuration utilizing a single Availability Zone d. Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
Which of the following are signs of a highly available application
A failure in one geographic region will trigger an automatic failover to resources in a different region,Spikes in user demand are met through automatically increasing resources.
Who manages NAT Gateway
AWS
Which of the following helps a customer delve deep into the Amazon EC2 billing activity for the past month
AWS Cost & Usage Reports
A company has decided to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database
AWS Database Migration Service
Which AWS service would simplify migration of a database to AWS
AWS Database Migration Service (AWS DMS)
What does Amazon CloudFront use to distribute content to global users with low latency
AWS Edge Locations
Which of the following is an AWS Region for which customer access is restricted?
AWS GovCloud
Which of the following AWS services has no additional charge associated with its use (The resources provisioned within the service may incur costs)
AWS Identity and Access Management
Which of the following is the responsibility of the customer according to the shared responsibility model
AWS Identity and Access Management
What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas
AWS Professional Services
An administrator needs to rapidly deploy a popular IT solution and start using it immediately. Where can the administrator find assistance
AWS Quick Start reference deployments
Which AWS service is a managed DDos protection service that safeguards application running on AWS
AWS Shield
Which services are parts of the AWS serverless platform
AWS Step Functions, Amazon DynamoDB, Amazon SNS
Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance
AWS Trusted Advisor
Your company is developing a critical application, and the security of the application is one of the top priorities. Which of the following AWS services will provide recommendations for security optimization for your infrastructure
AWS Trusted Advisor
Your company is developing a critical web application in AWS and the security of the application is one of the top priorities. Which of the following AWS services will provide infrastructure security optimization recommendations
AWS Trusted Advisor
A company has moved to AWS recently. Which of the following would help them ensure that the right security settings are put in place?
AWS Trusted Advisor & Amazon Inspector
Which of the following security-related services does AWS offer
AWS Trusted Advisor security checks, Data encryption
Hundreds of thousands of DDoS attacks are recorded every month worldwide. What does AWS provide to protect from these attacks
AWS WAF & AWS Shield
Snowball
AWS ________- this service accelerates transferring large amounts of data into and out of AWS using physical storage devices, bypassing the internet. Each device type can transport data at faster than internet speed. This transport is done by shipping the data in the devices through a regional carrier.
application discovery service
AWS __________ __________ ______________ helps systems integrators quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers.
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery
AWS edge locations
Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management
AWS manages the maintenance of the operating system
Which of the following is likely to be an accurate source of AWS pricing information?
AWS online documentation relating to a particular service
EC2, EMR, Elastic Beanstalk, opswork
AWS provides root or system privileges only for a limited set of services, which include (list 4)
Which of the following is a benefit of using the AWS Cloud
Ability to focus on revenue-generating activities.
Which AWS IAM feature allows developers to access AWS services through the AWS CLI
Access keys
Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)
Access keys
Which of the following security-related actions are available at no cost
Accessing forums, blogs, and whitepapers
Which of the following is an example of horizontal scaling in the AWS Cloud
Adding more EC2 instances to handle an increase in traffic
Which of the following tasks is the customer's responsibility when creating Amazon VPC security groups
Adding rules regarding inbound traffic to the security group
Which of the following IAM policies is the best choice for the admin user you create in order to replace the root user for day-to-day administration tasks?
AdministratorAccess
You have set up consolidated billing for several AWS accounts. One of the accounts has purchased a number of reserved instances for 3 years. Which of the following is true regarding this scenario
All accounts can receive the hourly cost benefit of the Reserved Instances
Which of the following can be described as a global content delivery network (CDN) service
Amazon CloudFront
Which AWS service allows companies to connect an Amazon VPC to an on-premises data center
Amazon Direct Connect
Which of the following is a fast and reliable NoSQL database service
Amazon DynamoDB
Your company has a data store application that requires access to a NoSQL database. Which AWS database offering would best meet this requirement
Amazon DynamoDB
Which service provides persistent block storage volumes for use with Amazon EC2 instances
Amazon EBS
Which AWS service can be used to manually launch instances based on resource requirements
Amazon EC2
Which of the following AWS Cloud services can be used to run a customer-managed relational database
Amazon EC2
A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal
Amazon ElastiCache
Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance
Amazon Machine Image
Which AWS managed service is used to host databases
Amazon RDS
You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on the regular database tasks so you can focus on giving users the fast performance and high availability that they need
Amazon RDS
Which service provides a virtually unlimited amount of online highly durable object storage
Amazon S3
Which service provides object-level storage in AWS
Amazon S3
Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities
Amazon S3
Which of the following S3 storage classes is ideal for data with unpredictable access patterns
Amazon S3 Intelligent-Tiering
Which service is used to ensure that messages between software components are not lost if one or more components fail
Amazon SQS
Which service would you use to send alerts based on Amazon CloudWatch alarms
Amazon Simple Notification Service (Amazon SNS)
What is the AWS service that provides a virtual network dedicated to your AWS account
Amazon VPC
Which AWS networking service enables a company to create a virtual network within AWS
Amazon Virtual Private Cloud (Amazon VPC)
S3
Amazon ____ is storage for the internet. It provides a simple web interface that offers a highly scalable, reliable, and low latency data storage infrastructure at very low costs.
CloudFront
Amazon ___________ can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for your content are automatically routed to the nearest edge locations, so content s delivered with the best possible performance.
CloudFront
Amazons CDN; (Content Delivery Network) which is a system of distributed servers that deliver webpages and other web content to a user based on the geographic locations of the user, the origin of the webpage, and a content delivery server.
What is an EC2 Instance?
An Elastic Cloud Compute instance is a virtual machine service provided by AWS. It is an IaaS service, where AWS provides the infrastructure and the client must take advantage of other tools to configure their environment.
What is an Internet Gateway
An Internet gateway (IGW) is a VPC component that allows communication between instances in your VPC and the Internet.
AWS account that created it
An S3 bucket is owned by the ______________________ ______________________________.
What will you need to provide for a new IAM user you're creating who will use "programmatic access" to AWS resources?
An access key ID and secret access key
How would an AWS customer easily apply common access controls to a large set of users
Apply an IAM policy to an IAM group
What's the most efficient method for managing permissions for multiple IAM users
Assign users requiring similar permissions to IAM groups
Which of the following is a component of the shared responsibility model managed entirely by AWS
Auditing physical data center assets
What technology enables compute capacity to adjust as loads change
Auto Scaling
Which of the below is a best-practice when designing solutions on AWS
Automate wherever possible to make architectural experimentation easier
What are the advantages of cloud computing over computing on premises
Avoid large capital purchases, use on demand capacity, go global in minutes, increase speed and agility
Which of the following is a shared control between the customer and AWS
Awareness and training
Why is it that most AWS resources are tied to a single region
Because those resources are run on a physical device, and that device must live somewhere
One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does following this principle improve your architecture's design
By automatically provisioning the required AWS resource based on changes in demand
What text format does the credential report use?
CSV
Under the shared responsibility model, which of the following is the AWS' responsibility
Configuring infrastructure devices
What should you do in order to keep the data on EBS volumes safe? (Choose two)
Create EBS snapshots & Ensure that EBS data is encrypted at rest
If each department within a company has its own AWS account, what is one way to enable consolidated billing
Create an AWS Organization from the payer account and invite the other accounts to join
What does KMS use to encrypt objects stored on your AWS account?
Customer master key
What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO
Data center security
What is the AWS customer responsible for according to the AWS shared responsibility model
Data encryption
When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)
Dedicated Hosts
Distributing workloads across multiple Availability Zones support which cloud architecture design principle
Design for failure
What does the AWS Personal Health Dashboard provide?
Detailed troubleshooting guidance to address AWS events impacting your resources & personalized view of AWS service health
What do you gain from setting up consolidated billing for five different AWS accounts under another master account
Each AWS account gets volume discounts
Which AWS feature will reduce the customer's total cost of ownership (TCO)
Elastic computing
How would a system administrator adds an additional layer of login security to a user's AWS Management Console
Enable Multi-Factor Authentication
Security Groups can specify deny rules
False, only allow statements are allowed
Security groups are stateless
False, they are stateful
Network ACLs are NOT stateless. True or False?
False: they are stateless
Which of the following are the categories of AWS Trusted Advisor
Fault Tolerance, Performance
Which of the following Simple Monthly Calculator selections will likely have an impact on most other configuration choices on the page? (Select TWO.)
Free Usage Tier D. Choose Region
When architecting cloud applications, which of the following are a key design principle
Implement elasticity
name
In S3, the key is the ___________ of the object
You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use
On-demand instances
Which of the following is the most accurate description of an AWS Availability Zone
One or more independently powered data centers running a wide range of hardware host types
Which of the following is the customer's responsibility under the AWS shared responsibility model
Patching Amazon EC2 instances
Which of the following examples best demonstrates the agility that cloud computing offers
Spin up servers in minutes, and shut down servers when you don't need them
Which category of services includes Amazon S3
Storage
T
T/F: S3 is serverless
According to the AWS Shared Responsibility Model, which of the following are responsibilities of AWS? (Select TWO.)
The security of the cloud B. Patching underlying virtualization software running in AWS data centers
EC2
This service provides virtual compute resources in the cloud.
Network Access Control List apply to all instances in subnet?
True, Automatically applies to all instances in the subnets its associated with
Throughput Optimized HDD (ST1) (Magnetic)
Type of EBS Volume; - low cost volume designed for frequently accessed, throughput intensive workloads.
Cold HDD (SC1) (Magnetic)
Type of EBS Volume; - lowest cost volume designed for less frequently accessed workloads (file servers)
Who manages NAT Instance
User
Snapshots
You back up EBS volumes using __________
bucket+key+version
You can think of Amazon S3 as a basic data map between _____________________ and the object itself. Every object in Amazon S3 can be uniquely addressed through the combination of the web service endpoint, bucket name, key, and optionally, a version.
Key
a ___ is the unique identifier for an object within a bucket. Ever object in a bucket has exactly one. The combination of a bucket and this, and version ID uniquely identify each object.
How is storage typically priced on AWS Cloud? a. Charged per GB b. Charged by speed of transfer c. Charged by instance type d. Charged per hour or second
a. Charged per GB
which of the following is a compute service
amazon ec2
Which among the options below is a highly available and scalable cloud Domain Name System (DNS) web service in AWS? a. Lighttail b. Active Directory Domain Service c. Rekcognition d. Route 53
d. Route 53 Is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well
Which of the following use cases is appropriate for Amazon CloudFront (Select Three) a. Schema Generation b. Database Backups c. Auto Scaling d. Static Asset Caching e. Live on-demand video streaming f. Security and encryption
d. Static Asset Caching e. Live on-demand video streaming f. Security and encryption
True or False? Private subnets have direct access to the internet.
false
Economies of scale result from ____
having hundreds of thousands of customers aggregated in the cloud
a,b
in which of the following ways can security privileges be granted to Docker Containers? (Choose 2) a. Role granted to ECS container instances b. role gratned to an ECS task c. Image in ECR d. Role granted to an ECS cluster
From where does CloudFront retrieve content to store for caching?
origins
Action in IAM Policy
specifies the API calls that can be made against an AWS Service (eg cloudwatch:ListMetrics)
REST API
the ______ ______ is an HTTP interface to Amazon S3. Using REST, you use standard HTTP requests to create, fetch, and delet buckets and objects
Elastic IP Address
what does EIP stand for?
access control lists (ACL)
you can control access to each of your buckets and objects using an ______ ______ _________.
A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to achieve that outcome
AWS Partner Network Consulting Partners
Which AWS service provides a customized view of the health of specific AWS services that power a customer's workloads running on AWS
AWS Personal Health Dashboard
Which AWS service provides alerts when an AWS event may impact a company's AWS resources
AWS Personal Health Dashboard
What does AWS provide to deploy popular technologies - such as IBM MQ - on AWS with the least amount of effort and time
AWS Quick Start reference deployments
What is the difference between AWS regions and Availability Zones (AZ)?
AWS Regions are a collection of data centers that are displayed as a section like us-east-1, they are physical locations. Resources have to be deployed in a region. An availability zone is a group of one or more data centers within a Region. These are logical groups of data centers (which may be located in the same complex or building), and appear to the user in AWS as us-east-1a , -1b, etc. Resources are added to a availability zone in a region when deployed, and resources that need to interact with each other should be kept in the same AZ. For fault tolerance, deploy a separate set of your resources / applications to a different zone or region.In summary - a region is made up of availability zones. Resources are deployed in an AZ inside a region.
Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage
AWS Storage Gateway
A company has an Enterprise Support subscription. They want quick and efficient guidance with their billing and account inquiries. Which of the following should the company use
AWS Support Concierge
CodeCommit
AWS _____________ is a highly available, highly scalable managed SOURCE-CONTROL service that hosts private Git repositories.
Which of the following are true of a default VPC? (Select TWO.)
AWS creates a default VPC in each region.,By default, each default VPC is available to one AWS account
A customer needs to run a MySQL database that easily scales. Which AWS service should they use
Amazon Aurora
A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups to his application
Amazon Aurora
A company is planning to host an educational website on AWS. Their video courses will be streamed all around the world. Which of the following AWS services will help achieve high transfer speeds
Amazon CloudFront
Which AWS services can be used to gather information about AWS account activity
Amazon CloudFront, AWS CloudTrail
Which service sends notifications or automatically makes changes to the resources being monitored based on rules you established
Amazon CloudWatch
You have deployed your application on multiple Amazon EC2 instances. Your customers complain that sometimes they can't reach your application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues
Amazon CloudWatch
Which of the following services provides you with the data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health
Amazon Cloudwatch
What is the AWS database service that allows you to upload data structured in key-value format
Amazon Dynamo DB
Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking
Amazon EC2
A company is migrating an application that is running non-interruptible workloads for a three-year time frame. Which pricing construct would provide the MOST cost-effective solution
Amazon EC2 Reserved Instances
Why is AWS more economical than traditional data centers for applications with varying compute workloads
Amazon EC2 instances can be launched on-demand when needed
A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes. Which service should the company use
Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)
Which AWS services can host a Microsoft SQL Server database
Amazon EC2, Amazon Relational Database Service (Amazon RDS)
Which of the following instance types provides you with a significant discount compared to On-Demand Instance pricing
Amazon EC2, Reserved Instances
Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premise servers
Amazon EFS
Which service is best for storing common database query results, which helps to alleviate database access load
Amazon ElastiCache
Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service
Amazon Elastic MapReduce & Amazon DynamoDB
You have discovered that some AWS resources are being used in malicious activities that could compromise your data. What should you do
Contact the AWS Abuse team
An organization has decided to reserve EC2 compute capacity for three years in order to get more discounts. Their application workloads are likely to change during this time period. What is the EC2 Reserved Instance (RI) type that will allow them to modify the reservation whenever they need to
Convertible RI's
Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value
Convertible RIs
Which of these tools lets you design graphs within the browser interface to track your account spending?
Cost Explorer
What is the main difference between the goals of Cost Explorer and of cost and usage reports?
Cost Explorer displays visualizations of high-level historical and current account costs, while cost and usage reports generate granular usage reports in CSV format.
The use of what AWS feature or service allows companies to track and categorize spending on a detailed level
Cost allocation tags
Which AWS tools assist with estimating costs
Cost allocation tags, AWS Simple Monthly Calculator, AWS Total Cost of Ownership (TCO) Calculator
You have been tasked with distributing a newsletter that will be pushed out to administration by email. Which of the following is the best solution
Create a topic in Amazon Simple Notification Service that administrators can subscribe to
A company has 70 employees divided into 10 departments. The IT administrator wants to customize each department's access to AWS. Which of the following options is most appropriate
Create an IAM group for each department, and assign IAM users to the groups
How does the metered payment model make many benefits of cloud computing possible? (Select TWO.)
Experiments with multiple configuration options are now cost-effective,Full-stack applications are possible without the need to invest in capital expenses
Security Groups operate at subnet level?
False, they operate at an instance level
Which of the following are direct benefits of server virtualization
Fast resource provisioning and launching,Efficient (high-density) use of resources
When are free data transfers applicable across AWS? (Choose two.)
Free outbound data transfer between AWS services within the same Region, Free inbound data transfer for Amazon Elastic Compute Cloud (Amazon EC2) instances
A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance
Infrastructure Event Management
What is the difference between the three Cloud Service Models -- IaaS, PaaS, and SaaS?
Infrastructure as a Service is where the "hardware resources" are managed by the provider, and the customer must provision the resources, provide the OS image, application, etc. Platform as a Service is where the operating system and environment are also managed by the provider, to where the customer needs to only install their own applications to interact with data. Software as a Service is the most common for retail consumers, where the provider manages all backend aspects, and the customer is able to log in and interact with their data directly - no install or setup required.
A customer is deploying a new application and needs to choose an AWS Region. Which of the following factors could influence the customer's decision
Reduced latency to users, Data sovereignty compliance
What role can the documents provided by AWS Artifact play in your application planning? (Select TWO.)
They can help you confirm that your deployment infrastructure is compliant with regulatory standards. B. They can provide insight into various regulatory and industry standards that represent best practices.
Which of the following best describes one possible reason for AWS service limits
To prevent individual customers from accidentally launching a crippling level of resource consumption
What is the main goal for creating a Usage budget type (in AWS Budgets
To track particular categories of resource consumption
What AWS tool compares the cost of running your application in an on-premises data center to AWS? (Select the best answer.)
Total Cost of Ownership (TCO) calculator
General Purpose SSD (GP2)
Type of EBS Volume; Balances price and performance for a wide variety of workloads
Provisioned IOPS SSD (IO1)
Type of EBS Volume; highest performance volume for mission critical low latency or high throughput workloads.
According to best practices, how should an application be designed to run in the AWS Cloud
Use loosely coupled components.
Which of the following is an important architectural design principle when designing cloud applications
Use multiple Availability Zones.
A customer is using multiple AWS accounts with separate billing. How can the customer take advantage of volume discounts with minimal impact to the AWS resources
Use the consolidated billing feature from AWS Organizations.
How does multi-factor authentication work?
Users authenticate using a password and also either a physical or virtual MFA device
AWS supports which of the following methods to add security to Identity and Access Management (IAM) users
Using Multi-Factor Authentication (MFA), Enforcing password strength and expiration
What approach to transcoding a large number of individual video files adheres to AWS architecture principles
Using many instances in parallel
spot instances
_______ ________ are spare EC2 capacity that can save you up to 80% off of On-Demand prices that AWS can interrupt with a 2-minute notification. Spot uses the same underlying EC2 isntances as On-Demand and Reserved Instances, and is best suited for fault tolerant, flexible workloads.
IAM Policies
_______ ________ are used to setup permissions for users within your own Account. Unlike ACL Policies that are used for Outside of your Account. can be used to grant temporary access to users
edge location
_______ ___________ - this is the location where content will be cached. This is separate to an AWS Region/AZ
Origin
________ - this is the origin of all the files that the CDN will distribute. This can be an S3 bucket, an EC2 instance, Elastic Load Balancer, or Route53.
access control lists (ACLs)
________ ________ ________ enable you to manage access to buckets and objects. Each bucket and object has one attached to it as a subresource.
Elastic Container Registry (ECR)
________ __________ ____________ is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker images. It is integrated with ECS, simplifying your development to production workflow.
Amazon Inspector
________ ____________ is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Roles
________ are much more secure than using access key id's and secret access keys; and are easier to manage you can apply them to EC2 instances at any tie. When you do this, the change takes place immediately. They are universal. YOu do not need to specify what region they are in; similar to users
Objects
________ are the fundamental entities stored in S3. Consists of the ____ data and the metadata at the time it is stored.
Distribution
__________ - this is the name given to the CDN which consists of a collection of edge locations
Amazon RDS
__________ _______ makes it easy to setup, operate, and scale a relational database in the cloud. it takes away the time consuming tasks of hardware provisioning, setup, patching, and backups so you can focus on your applications.
AWS Certificate Manager (ACM)
__________ __________ ____________ handles the complexity of creating and managing public SSL/TLS certificates for your AWS based websites and applications.
Elastic Beanstalk
__________ ___________ is a service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go and Docker on web servers such as Apache, Nginx, Passenger, and IIS.
elasticache
__________ is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. The service improves the performance of we applications by allowing you to retrieve information from fast, managed, in memory caches instead of relying entirely on slower disk based databases.
reduced redundancy storage (RRS)
___________ __________ ______________ is an Amazon S3 storage option that enables customers to reduce their costs by storing noncritical reproducible data at lower levels of redundancy than S3s standard storage.
Snowball
___________ is a petabyte scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud.
authentication
___________ is a process of verifying the identity of the requester trying to access an AWS product
CloudFormation
____________ provides sysadmin, network architect, and other IT personnel the ability to provision and manage stacks of AWS resources base don templates you create to model your infrastructure architecture.
What is the difference between an AZ and a VPC?
a VPC is deployed in a region and can be available across multiple availability zones in that region. An AZ is a logical zone in a region that has some physical isolation from another AZ in the region. A VPC is logical, AZ is physical. The difference between an AZ and a VPC is that the Virtual Private Cloud contains all of the availability zones in a specific AWS region. A Virtual Private Cloud is beneficial because you are able to add one or two subnets in each availability zone. It is also beneficial because by using a VPC, you are able to add subnets to a local zone that may be closer to your end users. A local zone allows your end zones to start applications that need single digit latencies in milliseconds. By using the Virtual Private Cloud, you can use local zones which will give you faster latency speeds. Availability zones are unique locations that are made to be kept away from failures in other availability zones. They may not be as close to you as a local zone is, so choosing to use the availability zone instead of the local zone through the Virtual Private Cloud will give you slower latency speeds.
bucket
a __________ is a container for objects stored in S3. Every object is contained in one.
group
a __________ is simply a place to store your users. Your users will inherit ll permissions that the group has. examples of groups might be developers, sys admins, finance, etc.
what is a route table
contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in a VPC must be associated with a route table; the route table controls routing for the subnet.
Which of the following allows you to set coverage targets and receive alerts when your utilization drops below the threshold you define? a. AWS Trusted Advisor b. AWS Cost Explorer c. Amazon CloudWatch Billing Alarms d. AWS Budgets
d. AWS Budgets AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.
Which of the following AWS services has no additional charge associated with its use? (The resources provisioned within the service may incur costs.) a. Amazon Elastic Computer Cloud (Amazon EC2) b. Amazon Elastic Block Store (Amazon EBS) c. Amazon Simple Storage Service (Amazon S3) d. AWS Identity and Access Management (IAM)
d. AWS Identity and Access Management (IAM)
Which method would you used to access AWS services through an easy-to-use graphical interface? a. Software Development Kits (AWS SDK) b. AWS EasyLauch c. AWS Command Line Interface (AWS CLI) d. AWS Management Console
d. AWS Management Console
Which AWS sevice is a managed DDos protection service that safeguards applications running on AWS? a. Amazon Inspector b. Amazon CloudWatch c. AWS Identity and Access Management d. AWS Shield
d. AWS Shield
"Increase speed and ______" is one of the six advantages of Cloud Computing which refers to the reduction of acquisition time for making new compute resources available to your developers from weeks to just minutes. a. Elasticity b. Reliability c. High Availability d. Agility
d. Agility There are six advantages of using Cloud Computing: 1. Trade capital expense for variable expense 2. Benefit from massive economies of scale 3. Stop guessing capacity 4. Increase speed and agility 5. Stop spending money running and maintaining data centers 6. Go global in minutes
A company is currently using an On-Demand EC2 instance for their application which they plan to migrate to a Reserved EC2 Instance to save on cost. Which of the following is the most cost-effective option if the application being hosted would be used for more than 3 years? a. All upfront Convertible Reserved Instance pricing for a 1 year term b. No upfront Standard Reserved Instance pricing for a 1 year term that is renewed every year. c. No Upfront Convertible Reserved Instance pricing for a 3 year term d. All Upfront, Standard Reserved Instance pricing for a 3 year term
d. All Upfront, Standard Reserved Instance pricing for a 3 year term
Which service provides persistent block storage volumes for use with Amazon EC2 instances? a. Amazon S3 b. Amazon EFS c. Amazon DynamoDB d. Amazon EBS
d. Amazon EBS
There is a requirement to launch a new database in AWS where the customer assumes the responsibility and management of the guest operating system, including updates and security patches. Which of the following services should the customer use? a. Amazon DocumentDB b. Amazon DynamoDB c. Amazon Aurora d. Amazon EC2
d. Amazon EC2 Since you have more control over your EC2 instance, you can install any database that you prefer and manage its guest operating system, including the required updates and security patches. You can also choose an AMI with a pre-installed database (such as PostgreSQL or MySQL) in the Amazon EC2 Dashboard to save your time. Hence, the correct answer is Amazon EC2.
Among the following services, which is the most suitable one to use to store the results of I/O-intensive SQL database queries to improve application performance? a. AWS Greengrass b. Amazon CloudFront c. Amazon DynamoDB Accelerator (DAX) d. Amazon ElasticCache
d. Amazon ElasticCache Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores. With this service, you can build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally-intensive calculations.
Resource in IAM Policy
defines the scope of entities covered by the policy rule (eg a specific Amazon S3 bucket or Amazon EC2 instance, or which means any resource*).
How would a system administrator add an additional layer of login security to a user's AWS Management Console? (Select the best answer.)
enable MFA
What is a VPC
enables you to launch Amazon Web Services (AWS) resources into a virtual network that you defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. You can create a VPC that spans multiple Availability Zones.`Virtual Private Cloud
True or False? AWS Key Management Service (AWS KMS) enables you to assess, audit, and evaluate the configurations of your AWS resources.
false
True or False? Cloud computing provides a simple way to access servers, storage, databases, and a broad set of application services over the internet. You own the network-connected hardware required for these services and Amazon Web Services provisions what you need.
false
True or False? Edge locations are only located in the same general area as Regions.
false
True or false? To receive the discounted rate associated with Reserved Instances, you must make a full, upfront payment for the term of the agreement.
false
True or false? Unlimited services are available with the AWS Free Tier to new AWS customers for 12 months following their AWS sign-up date. (Select the best answer.)
false
______ means the infrastructure has built-in component redundancy and ______ means that resources dynamically adjust to increases or decreases in capacity requirements.
fault tolerant, elastic and scalable
which of the folowing are not benefits of aws cloud compuitng
high latency, multiple procurement cycles
200
how many subnets can you create per VPC?
Which of the following AWS documentation URLs points to the page containing an up-todate list of service limits?
https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
value
in S3, the ________ is simply the data and is made up of a sequence of bits.
Transfer acceleration
S3 _________ ___________ enables fast, easy, and secure transfers of files over long distances between your end users and an S3 bucket. Takes advantage of CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path
programming language neutral
S3 architecture is designed to be ________ ________ _________, using AWS suppored interfaces to store and retrieve objects.
cross region replicaton
S3 bucket configuration: _________ _________ _________ is the automatic, asynchronous copying of objects across buckets in different AWS Regions.
Eventual consistency
S3 offers __________ _________ for overwrite PUTS and DELETES in all Regions.
read after write consistency
S3 provides ________ ______ _________ _______ for PUTS of new objects in your S3 bucket in all Regions with one caveat. The caveat is that if you make a HEAD or GET request to the key name (to find if the object exists) before reating the object, S3 provides eventual consistency for Read after write.
S3 Standard
S3 storage type: 99.99% availability 11 9s % durability Stored redundantly across multiple devices in multiple facilities, and is designed to sustain the loss of 2 facilities concurrently.
S3 glacier
S3 storage type: Secure, durable, and low cost storage class or data archiving. Retrieval times configurable from minutes to hours
S3 Intelligent Tiering
S3 storage type: designed to optimize costs by automatically moving data to the most cost effective access tier, without performance impact or operational overhead.
S3-IA (infrequently accessed)
S3 storage type: for data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee.
S3 One Zone-IA
S3 storage type: for when you want a lower cost option for infrequently accessed data, but do not require the multiple AZ data resilience
Which of the following are valid third-party federated identity standards?
SAML 2.0 D. Active Directory
What does AWS Snowball provide?
Secure transfer or large amounts of data into and out of the AWS Cloud
Which of the following tasks is the responsibility of AWS
Securing the Amazon EC2 hypervisor
Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard
Security Groups, Subnets
buckets
objects in S3 are stored in __________
What is Amazon EBS
offers persistent storage for Amazon EC2 instances. Amazon EBS volumes are network-attached and persist independently from the life of an instance. Amazon EBS volumes are highly available, highly reliable volumes that can be leveraged as an Amazon EC2 instances boot partition or attached to a running Amazon EC2 instance as a standard block device.
what is the pricing model that enables AWS customers to pay for resouces on an as needed basis
pay as you go
what is not a benefit of cloud computing over on premises computing
pay for racking, stacking and powering servers
what is a cloud deployment model
platforma s a service, infrastructure as a serice, software as a service
encrypted
public snapshots of __________ volumes are not supported, but you can share an encrypted snapshot with specific accounts
Which of these are ways to access AWS core services?
Software Development Kits (SDKs), AWS Command Line Interface (AWS CLI), AWS Management Console
What is a hypervisor
Software used to administrate virtualized resources run on physical infrastructure
Which Amazon EC2 instance pricing model can provide discounts of up to 90%
Spot Instances
Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances
Spot Instances
You are working on a project that involves creating thumbnails of millions of images; however, consistent up time is not really an issue, and continuous processing is not required. Which type of EC2 buying option would be the most cost-effective
Spot Instances
Which of the following use cases is appropriate for Amazon CloudFront
Static asset caching, Live on-demand video streaming, Security and encryption
T
T/F: Bucket names must be unique globally
T
T/F: By default, new subnets in a custom VPC can communicate with each other across AZs
T
T/F: EBS Volumes are automatically replicated across Availability Zones.
T
T/F: Each EBS volume is automatically replicated within its AZ to protect you from component failure
T
T/F: Objects stored in a region never leave the region unless you explicitly transfer them to another region.
T
T/F: Spot prices adjust gradually based on long term supply and demand for spare EC2 capacity.
F
T/F: The AWS Free Tier for RDS is a single AZ deployment
F
T/F: Windows Server with SQL Server is currently available as a spot instance.
T
T/F: there are no outbound charges between AWS in the same region
As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs
TAM
What AWS region is the most recent to launch? Name a region that is scheduled to launch in the future.
The AWS region that is the most recent to launch is Milan in Europe with a total of 3 availability zones. A region that is scheduled to launch in the future is Montreal in Canada.
What information does the IAM credential report provide?
The current state of security of your IAM users' access credentials
For certain services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS), you can invest in reserved capacity. What options are available for Reserved Instances? (Choose three.)
puri, nuri, auri,
Which of the following would be a valid endpoint your developers could use to access a particular Relational Database Service instance you're running in the Northern Virginia region
rds.us-east-1.amazonaws.com
Which CloudFront distribution type requires you to provide a media player
rtmp
Effect in IAM Policy
says whether to Allow or Deny the permissions.
Which of the following can be used to protect Amazon Elastic Compute Cloud (Amazon EC2) instances hosted in AWS?
security group
In the shared responsibility model, AWS is responsible for providing what? (Select the best answer.)
security of the cloud
a,b,c,e (cannot include uppercase or Underscores)
select all the apply to S3 bucket naming: a. Bucket names must be unique across all existing bucket names in S3. b. Bucket names must comply with DNS naming conventions c. must be atleast 3 characters long and no more than 63 characters. d. can include uppercase letters or underscores. e. Must not be formatted as an IP address
Which of the following SSH commands will successfully connect to an EC2 Amazon Linux instance with an IP address of 54.7.35.103 using a key named mykey.pem
ssh -i mykey.pem [email protected]
T
t/f; EBS volumes persist beyond the life of an EC2 instance.
Which of the following EC2 services can be used without charge under the Free Tier
t2.micro EC2 instance type instances for a total of 750 hours per month
federated users
term used to describe users in your system, outside AWS.
root account
the ________ _________ is the email address you used to set up your AWS account. It always has full administrator access. You should not give these account credentials away to anyone. Instead create a user for each individual within your organization. You should always secure this root account using MFA
policy
to set the permissions in a group you need to apply a ________ to that group. These consist of Java Script Object Notation (JSON). These are referred to as key value pairs.
True or False? AWS Organizations enables you to consolidate multiple AWS accounts so that you centrally manage them.
true
True or False? Availability Zones within a Region are connected through low-latency links.
true
True or False? Networking, storage, compute, and databases are examples of service categories that AWS offers.
true
True or false? AWS offers a variety of services at no charge, for example, Amazon Virtual Private Cloud (Amazon VPC), AWS Identity and Access Management (IAM), Consolidated Billing, AWS Elastic Beanstalk, automatic scaling, AWS OpsWorks and AWS CloudFormation. However, you might be charged for other AWS services that you use in conjunction with these services.
true
true or false, aws owns and maintains the network connected hardware required for applciation services, while you provision and use what you need
true
You need to deliver content to users in the United States and Canada. Which of the following edge location options will be the most cost effective for your CloudFront distribution?
united states, canada, europe
Which of the following designations would refer to the AWS US West (Oregon) region?
us-west-2
simple AD, AD connector
use ________ ___ if you need an inexpensive Active Directory- compatible service with the common directory features. __________ ________ lets you simply connect your existing on premises active directory to AWS.
What is an IAM role?
Permissions granted a trusted entity over specified AWS resources
Which of the following AWS resources cannot be encrypted using KMS
Existing AWS Elastic Block Store volumes
kinesis
consuming big data is ________
You can run applications and workloads from a Region closer to the end users to_______ latency.
decrease
Which of the following is an optional security control that can be applied at the subnet layer of a VPC?
network acl
Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users
AWS Identity and Access Management (IAM) policies
Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts
AWS Organizations
Which service should a customer use to consolidate and centrally manage multiple AWS accounts
AWS Organizations
Which of the following are valid ways for a customer to interact with AWS services
Command line interface, Software Development Kits
What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)
It simplifies relational database administration tasks
A company wants to reduce the physical compute footprint that developers use to run code. Which service would meet that need by enabling serverless architecture
AWS Lambda
Which of the following statements best describes Amazon CloudFront? a) Speeds up the delivery of your content to viewers across the globe b) Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment c) Provides you with data and actionable insights to monitor your applications d) Provides topics for high—throughput, push—based, many—to—many messaging
(a) Speeds up the delivery of your content to viewers across the globe
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? A) AWS Regions B) AWS edge locations C) AWS Availability Zones D) Amazon Virtual Private Cloud (Amazon VPC)
(B) AWS edge locations
Which of the following is AWS's responsibility under the AWS shared responsibility model? A) Configuring third-party applications B) Maintaining physical hardware C) Securing application access and data D) Managing custom Amazon Machine Images (AMIs)
(B) Maintaining physical hardware
Why is AWS more economical than traditional data centers for applications with varying compute workloads? A) Amazon Elastic Compute Cloud (Amazon EC2) costs are billed on a monthly basis. B) Customers retain full administrative access to their Amazon EC2 instances. C) Amazon EC2 instances can be launched on-demand when needed. D) Customers can permanently run enough instances to handle peak workloads.
(C) Amazon EC2 instances can be launched on-demand when needed.
What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)
(Not Sure)They simplify patching and updating underlying OSs.
Which of the following statements best describes AWS Trusted Advisor? a) A tool that provides you real time guidance to help you provision your resources following AWS best practices. b) A tool that helps customers estimate their monthly AWS bill more efficiently. c) A tool that estimates the cost savings when using AWS and provides a detailed set of reports. d) A tool that enables you to view and analyze your costs and usage.
(a) A tool that provides you real time guidance to help you provision your resources following AWS best practices.
Which AWS service enables you to repeatedly and predictably provision resources to power your applications? a) AWS CloudFormation b) AWS Cloud Map c) AWS CloudTrail d) Amazon CloudFront
(a) AWS CloudFormation
Which method would you use to access AWS services through an easy~to~use graphical interface? a) AWS Management Console b) Software Development Kits (AWS SDKs) c) AWS EasyLaunch d) AWS Command Line Interface (AWS CLI)
(a) AWS Management Console
Which of the following terms refers to the power to scale computing resources up or down easily? a) Elasticity b) Economy c) Expediency d) Efficiency
(a) Elasticity
Which of the following use cases is appropriate for Amazon CloudFront? (Select Three.) a) Security and encryption b) Live on-demand video streaming c) Schema generation d) Static asset caching e) Auto Scaling f) Database backups
(a) Security and encryption (b) Live on-demand video streaming (d) Static asset caching
What are the benefits of using Amazon EC2 instances compared to physical servers in your infrastructure? (Select two.) a) The ability to have different storage requirements b) Pay only for the capacity you use c) Automatic automated backups d) The ability to hot-add additional RAM e) Resizable
(a) The ability to have different storage requirements (b) Pay only for the capacity you use
Which of the following AWS concepts refers to "Established best practices developed through lessons learned by working with customers"? a) Well-Architected Framework b) AWS Trusted Advisor c) Security of the Cloud d) Reference architecture
(a) Well-Architected Framework
Which of the following AWS services has no additional charge associated with its use? (The resources provisioned within the service may incur costs.) a) Amazon Elastic Compute Cloud (Amazon EC2) b) AWS Identity and Access Management (IAM) c) Amazon Simple Storage Service (Amazon S3) d) Amazon Elastic Block Store (Amazon EBS)
(b) AWS Identity and Access Management (IAM)
A company has 70 employees divided into 10 departments. The IT administrator wants to customize each department's access to AWS. Which of the following options is most appropriate? a) Create a temporary role for each employee, and revise their access as needed. b) Create an IAM group for each department, and assign IAM users to the groups. c) Create an IAM role for each department, and assign IAM users to the roles. d) Make each employee an AWS account root user.
(b) Create an IAM group for each department, and assign IAM users to the groups.
Which of the pillars of the Well—Architected Framework is defined as the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures? a) Performance efficiency b) Operational excellence c) Security d) Reliability
(b) Operational excellence
What is the first step in getting started with AWS Lambda? a) Provision EC2 instances b) Upload your code c) Deploy an OS image d) Pay for estimated compute time
(b) Upload your code
You have an application composed of individual services. You need to route a request to a service based on the content of the request. Which service should you use? a) EC2 Auto Scaling b) AWS CloudTrail c) Elastic Load Balancing d) Amazon Route 53
(c) Elastic Load Balancing
Users of your services are reporting latency. With on-premises architecture you would notify your Administrator to launch another server to balance the load. How can this be automated using AWS? a) Create a new template using AWS CloudFormation. b) Enable AWS CloudTrail to monitor latency issues. c) Enable an Amazon CloudWatch alarm to trigger a scaling policy. d) Create six Amazon EC2 instances in different Availability Zones.
(c) Enable an Amazon CloudWatch alarm to trigger a scaling policy.
Which parts of the AWS infrastructure support increased resilience? a) Multiple edge locations within a region b) Multiple Regions distributed globally c) Multiple Availability Zones within a region d) Multiple AWS Direct Connect (DX) gateways within a data center
(c) Multiple Availability zones within a region
Which of the following is NOT a pillar of the AWS Well- Architected Framework? a) Cost Optimization b) Operational Excellence c) Persistence d) Security
(c) Persistence
Your web application requires temporary authorization to use AWS services. Which IAM entity should be used? a) User b) MFA c) Role d) Group
(c) Role
Which of the following examples best demonstrates the agility that cloud computing offers? a) Protect your data by centralizing your applications in one Availability Zone. b) Increase network throughput with AWS Direct Connect (DX) nodes. c) Spin up servers in minutes, and shut down servers when you don't need them. d) Quickly deploy multi—factor authentication (MFA) to multiple data centers.
(c) Spin up servers in minutes, and shut down servers when you don't need them.
Which of the following statements is true of Amazon Virtual Private Clouds (VPC)? a) Each AWS account can have only one VPC associated with it b) A VPC acts as a physical firewall for your cloud infrastructure c) You can create many subnets in a VPC, though fewer is recommended to limit complexity d) Each VPC is a private, dedicated network connection from your premises to AWS
(c) You can create many subnets in a VPC, though fewer is recommended to limit complexity
Which of the following services is in the category of AWS serverless platform
AWS Lambda
You want to provide private name resolution for two VPCs using the domain name company.pri. How many private hosted zones do you need to create?
1
Which of the following will encrypt your data while in transit between your office and Amazon S3?
A client-side master key
In which scenario should Amazon EC2 Spot Instances be used
A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances
Which of these statements about Availability Zones is not true?
A data center can be used for more than one Availability Zone.
What is Amazon Route 53
A highly available and scalable DNS web service
What is Amazon CloudWatch
A metrics repository with customizable notification thresholds and channels.
How many Availability Zones should compute resources be provisioned across to achieve high availability
A minimum of two
Resources in a VPC need to be able to resolve internal IP addresses for other resources in the VPC. No one outside of the VPC should be able to resolve these addresses. Which of the following Route 53 resources can help you achieve this?
A private hosted zone
What is the AWS feature that provides an additional level of security above the default authentication mechanism of usernames and passwords
AWS MFA
AWS allows users to manage their resources using a web based user interface. What is the name of this interface
AWS Management Console
What's the difference between a security group and a network access control list (NACL)? (Select TWO.)
A security group operates at the instance level., A network access control list operates at the subnet level
Which of the following scenarios would be a good use case for AWS Organizations? (Select TWO.)
A single company with multiple AWS accounts that wants a single place to administrate everything, A company that's integrated some operations with an upstream vendor
Which method would you use to access AWS services through an easy-to-use graphical interface
AWS Management Console
What is the difference between a standard AWS region and a GovCloud region?
A standard AWS region can have resources deployed by any customer. GovCloud is a specific region located in the PNW area (Oregon-Washington) that meets specific FedRAMP or other controlled unclassified information security guidelines for government & restricted industry customers (federal contractors, research groups). It is otherwise functionally equivalent to the commercial AWS regions, all products in commercial are supported in Gov with additional security. The difference between the standard AWS region and a GovCloud region is the level of security and who is capable of accessing that particular region. As an ordinary citizen, you have the ability to choose which AWS region and which availability zone you want. AWS regions are open to the public and a multitude of people will be connected to the same region. A GovCloud region is used mostly by the U.S. government to deploy resources and share data. These regions are not available to the public. Unlike the AWS regions, customer access is restricted when considering the GovCloud region. You have to be a U.S. citizen in order to access the GovCloud regions.
Which of the following are true regarding subnets? (Select TWO.)
A subnet must have a CIDR that's a subset of the CIDR of the VPC in which it resides. C. A subnet spans one Availability Zone.
Which of the following defines the AWS CLI
A suite of utilities that can be launched from a command program in Linux, macOS, or Windows
You want to experiment with deploying a web server on an EC2 instance. Which two of the following resources can you include to make that work while remaining within the Free Tier? (Select TWO.)
A t2.micro instance type EC2 instance, A 30 GB solid-state Elastic Block Store (EBS) drive
Which of the following is true of a VPC peering connection?
It's a private connection between two VPCs.
Which of the following is the responsibility of AWS under the AWS shared responsibility model?
Maintaining physical hardware
When creating an AWS Identity and Access Management (IAM) policy, what are the two types of access that can be granted to a user? (
AWS Management Console access, Programmatic access
Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS
AWS Marketplace
Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment
AWS Marketplace
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting
AWS Online Tech Talks, AWS Classroom Training
Which of the following services could be used to deploy an application to servers running on-premises
AWS OpsWorks, AWS CodeDeploy
Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users
AWS Identity and Access Management (IAM) policies
What is AMI and what purpose does it serve?
AMI stands for Amazon Machine Image. The purpose of it is to provide information that is required to launch an instance. It is necessary that you specify which Amazon Machine Image you want when you are launching an instance.
Who is responsible for security of the cloud according to the shared responsibility model
AWS
Where can a customer find information about prohibited actions on AWS infrastructure
AWS Acceptable Use Policy
Where will you find information on the limits AWS imposes on the ways you can use your account resources?
AWS Acceptable Use Policy
Where are AWS compliance documents, such as an SOC 1 report, located
AWS Artifact
Where can AWS compliance and certification reports be downloaded
AWS Artifact
Which AWS service would you use to obtain compliance reports and certificates
AWS Artifact
Which of the following services allows customers to manage their agreements with AWS
AWS Artifact
A company complains that they are wasting a lot of money on underutilized compute resources in AWS. Which AWS feature should they use to ensure that their applications are automatically adding/removing compute capacity to closely match the required demand
AWS Auto Scaling
What is the AWS service that enables AWS architects to manage infrastructure as code
AWS CloudFormation
Which AWS service enables you to repeatedly and predictably provision resources to power your applications
AWS CloudFormation
Which AWS service provides the ability to manage infrastructure as code
AWS CloudFormation
Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster
AWS CloudFormation, AWS Management Console
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated
AWS CloudTrail
Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs
AWS CloudTrail
You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action
AWS CloudTrail
If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use
AWS Config
According to the Shared Responsibility Model, What is the responsibility of AWS and what is the responsibility of the Customer?
According to the Shared Responsibility Model, the responsibility of AWS has to do with security of the cloud. This includes the software, hardware and AWS Global Infrastructure. AWS is in charge of the regions, availability zones, edge locations and the networking. AWS protects the infrastructure that runs all of the services offered in the AWS Cloud. According to the Shared Responsibility Model, the responsibility of the customer has to do with the security in the cloud. Based on what AWS Cloud service the customer selects, they may have to do more configuration work. If the customer uses an Amazon EC2 instance then they will be responsible for the management of the system, security groups, and any application software or utilities that are going to be installed.
What are the benefits of having infrastructure hosted in AWS
All of the physical security and most of the data/network security are taken care of for you & increase speed and agility
The identification process of an online financial services company requires that new users must complete an online interview with their security team. After verifying users' identities, the recorded interviews are only required in the event of a legal issue or a regulatory compliance breach. What is the most cost-effective service to store the recorded videos
Amazon Glacier
Which AWS service should be used for long-term, low-cost storage of data backups
Amazon Glacier
Which AWS services should be used for read/write of constantly changing data
Amazon RDS, Amazon EFS
A company is looking for a scalable data warehouse solution. Which of the following AWS solutions would meet the company's needs
Amazon Redshift
Which of the following is an AWS managed Domain Name System (DNS) web service
Amazon Route 53
Which services can be used across hybrid AWS Cloud architectures
Amazon Route 53 & Virtual Private Gateway
Which AWS services are defined as global instead of regional
Amazon Route 53, Amazon CloudFront
What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval
Amazon S3
Which AWS service can serve a static website
Amazon S3
Which of the following is not a benefit of Amazon S3
Amazon S3 can run any type of application or backend system
a,b,c
Amazon S3 charges: (select all that apply) a. only pay for what you actually use b. no hidden fees c. no overage charges
What type of storage (described in question 1) do EBS, EFS, and S3 use?
Amazon S3 uses object storage. Amazon EFS uses file storage. Amazon EBS uses block storage.
Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency
Amazon S3, Amazon CloudFront
Which storage service can be used as a low-cost option for hosting static websites
Amazon Simple Storage Service (Amazon S3)
EBS
Amazon _____ allows you to create storage volumes and attach them to EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. They are placed in a specific AZ, where they are automatically replicated to protect you from the failure of a single component.
What is the difference between an Identity-based Policy and a Resource-based Policy
An Identity-Based Policy is a JSON permission policy document that can be attached to a user, role or group of users. These types of policies control what actions an user or a role can do, which resources that have access to and under what conditions they can do them. A Resource-Based policy while it may be a JSON policy document like an Identity-Based Policy, it is different because you attach them to a resource which allows a specific permission to do their desired action. Unlike Identity-Based Policies, Resource-Based Policies are only Inline policies and not managed resources-based policies. This means that they are policies created and managed by you to be placed into a single user, group or role.
Which of the following are characteristics of Amazon S3
An object store & a durable storage system
You have an application composed of individual services and you need to route a request to a service based on the content of the request. What type of load balancer should you use
Application Load Balancer
Which of the following tools are available to ensure you won't accidentally run past your Free Tier limit and incur unwanted costs? (Select TWO.)
Automated email alerts when activity approaches the Free Tier limits B. The Top Free Tier Services by Usage section on the Billing & Cost Management Dashboard
What is Elastic Load Balancing
Automatically distributing traffic across multiple targets
Which of the below options are related to the reliability of AWS
Automatically provisioning new resources to meet demand & ability to recover quickly from failures
Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links
Availability Zone
Which AWS feature should a customer leverage to achieve high availability of an application
Availability Zones
The principle "design for failure and nothing will fail" is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle?
Availability Zones & AWS Elastic Load Balancer
What are the 4 configurable resources for each instance type?
Compute (CPU/GPU) Storage Network Memory
What are the four support plans offered by AWS Support? (Select the best answer.)
Basic, Developer, Business, Enterprise
Which is the best place to get a quick summary of this month's spend for your account?
Billing & Cost Management Dashboard
Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases
Business
Which is the MINIMUM AWS Support plan that provides technical support through phone calls
Business
How can you view the distribution of AWS spending in one of your AWS accounts
By using Cost Explorer
Select two examples of the AWS shared controls
Configuration Management & Patch Management
How is storage typically priced on AWS Cloud
Charged per GB
Which of the following AWS Total Cost of Ownership Calculator parameters is likely to have the greatest impact on cost?
Number of servers
There is no charge for which of the following? (Choose two answers.)
Data transfer between services within the same AWS Region, Inbound data transfer (with some exceptions)
What is an example of agility in the AWS Cloud
Decreased acquisition time for new compute resources
Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses
Dedicated Hosts
Which of the following does not contribute significantly to the operational value of a large cloud provider like AWS?
Deep experience in the retail sphere
Which of the following are best practices to secure your account using AWS Identity and Access Management (IAM)?
Define fine-grained access rights., Manage access to AWS resources.
After initial login, what does AWS recommend as the best practice for the AWS account root user?
Delete the access keys of the AWS account root user
What can AWS edge locations be used for
Delivering content closer to users, Reducing traffic on the server by caching responses
A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability
Deploy the application across multiple Regions and Availability Zones
You want to create a backup of your data in another geographical location. Where should you create this backup
In another Region
availability zone
EBS Volumes are attached to EC2 instances, and launched in the same __________ _________
What are the differences between EBS, EFS, and S3?
EBS is only accessible from one EC2 instance in an AWS region, but EFS is better because a file can be accessed from a variety of regions and instances. S3 is better because it can store and retrieve unlimited amounts of data. It is beneficial because of how many files it can store.Amazon Elastic Block Store (Amazon EBS)A persistent & mountable storage system that can be added to an EC2 instance. One EBS volume can be attached to one instance in the same availability zone. Amazon Simple Storage Service (Amazon S3)S3 is a persistent storage solution that makes every file an object and is given an accessible URL Amazon Elastic File System (Amazon EFS)EFS is a shared file system that many EC2 instances can mount and use at the same time.
What is EBS and what purpose does it serve for the EC2?
EBS stands for Amazon Elastic Block Storage. The purpose of EBS is to serve as the primary data drives for EC2 instances.
Which of the following are valid origins for a CloudFront distribution?
EC2 instance B. A public S3 bucket
dedicated hosts
EC2 pricing that is useful for; - useful for regulatory requirements that may not support multi-tenant virtualization - great for licensing which does not support multi-tenancy or cloud deployments
spot pricing
EC2 pricing useful for; - applications tat have flexible start and end times - applications that are only feasible at very low compute prices
FIGHTDRMCPXZ
EC2 types Acronym (remember this and will be able to identify a random instance type that tester may try to put on the test)
internet gateway
EIPs cannot be used on instances in subnets configured to use a NAT gateway or a NAT instance to access the internet, but they can be used on instances in subnets configured to route their traffic directly to the ________ _________
In order to implement best practices when dealing with a "Single Point of Failure," you should aim to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose two)
ELB & Auto Scaling
What is a Subnet
Each subnet resides entirely within one Availability Zone and cannot span zones. If a subnet's traffic is routed to an Internet Gateway, the subnet is known as a public subnet. If a subnet does not have a route to the Internet gateway, the subnet is known as a private subnet.
As AWS grows, the cost of doing business is reduced and savings are passed back to the customer with lower pricing. What is this optimization called? (Select the best answer.)
Economies of scale
Which component of the AWS global infrastructure supports the caching of content for faster access
Edge Locations
Which of the following services will automatically scale with an expected increase in web traffic
Elastic Load Balancing
redis and memcached
Elasticache supports 2 open source in-memory caching engines called __________________ _____________ ____________
Which AWS characteristics make AWS cost effective for a workload with dynamic user demand
Elasticity and Pay-as-you-go pricing.
Which of the following should you do to secure your AWS root user? (Select TW
Enable MFA. D. Create a strong password
Users of your services are reporting latency. With on-premises architecture you would notify your Administrator to launch another server to balance the load. How can this be automated using AWS
Enable an Amazon CloudWatch alarm to trigger a scaling policy
Under the AWS shared responsibility model, which of the following activities are the customer's responsibility
Encrypting data on the client-side, Configuring Network Access Control Lists (ACL)
In the shared responsibility model, which of the following are examples of "security in the cloud"?
Encryption of data at rest and data in transit, Security group configurations
Which of the following types of Route 53 health checks works by making a test connection to a TCP port?
Endpoint
Which is a recommended pattern for designing a highly available architecture on AWS
Ensure that the application is designed to accommodate failure of any single component.
Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer
Ensuring that application data is encrypted at rest, Ensuring that users have received security training in the use of AWS services
Under the shared responsibility model, which of the following is the customer responsible for
Ensuring that data is encrypted at rest
Which AWS support plan includes a dedicated Technical Account Manager
Enterprise
Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs
Enterprise
What are the differences between File, Block, and Object Storage?
File Storage allows for files to be organized and arranged in a hierarchy structure. This allows for it to be easiest for the user to access these files. This is advantageous because the files can be shared and collaborated on, but File Storage is disadvantageous because there is a limit on the how much the data to grow. Block Storage divides data into blocks which can be stored for efficiency. This is beneficial because it is faster to access your data and can be retrieved from a variety of areas. It is not beneficial because there is a limitation to how much data can be split into blocks, and it is more expensive than others. Object Storage helps manage data and it helps allow for massive amounts of data to be stored. It is advantageous because it is highly accessible and users can instate policies to help reinforce data.
a,b
For managed services like Amazon DynamoDB, what are the security related tasks that AWS is responsible for? (choose 2) a. install antivirus software b. disaster recovery c. Create the required access policies d. protect credentials e. logging dynamoDB Operations.
hat are the differences between the 5 EC2 Instance types (General Purpose, Compute Optimized, Memory Optimized, Accelerated Optimized, & Storage Optimized)?
General Purpose instances provide a balance of compute, memory and networking resources and can be used for a variety of diverse workloads. These are preferred when applications use these resources, such as in a web server or a code repository. Compute Optimized instances are ideal for compute bound applications that benefit from high performance processors. These instances are best for batch processing workloads, media transcoding, high performance web servers and other applications that require intense and rigorous computation. Memory Optimized instances are designed to deliver fast performance for workloads that process large data sets in memory. Accelerated Optimized Computing instances use hardware accelerators to perform functions, which includes graphics processing or data pattern matching. This is more efficient than software running on CPUs. Storage Optimized instances are designed for workloads that require access to large data sets on local storage. This is beneficial because they can deliver numerous low-latency, random I/O operations per second to applications.
The AWS Cloud's multiple Regions are an example of:
Global infrastructure
Which feature of the AWS Cloud will support an international company's requirement for low latency to all of its customers
Global reach
Which of the following security measures to protect access to an AWS account
Grant least privilege access to IAM users, Activate multi-factor authentication (MFA) for privileged users
A characteristic of edge locations is that they:
Help lower latency and improve performance for users.
Web servers running on Amazon EC2 access a legacy application running in a corporate data center. What term would describe this model
Hybrid architecture
An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them in teams and then assign the appropriate permissions for each team
IAM Groups
Roles
IAM ________ are a secure way to grant permissions to entities that you trust.
global
IAM is _________, you do not specify a region when dealing with IAM. when you create a user or group, this is created globally.
JSON
IAM policy documents are written in ______ format
Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)
IAM user
What is the primary function of the AWS IAM service
Identity and access management
A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with which cloud architecture principle
Implement elasticity
Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?
Implement elasticity
Which design principles for cloud architecture are recommended when re-architecting a large monolithic application
Implement loose coupling, Design for scalability.
Which of the following is an AWS Cloud architecture design principle
Implement loose coupling.
logging
In S3, ________ enables you to track requests for access to your bucet.
temporary security credentials (temporary access keys and a security token)
In addition to creating IAM users with their own access keys, IAM also enables you to grant _________ ________ ________ to any IAM user to enable them to access your AWS services and resources.
no
Is there a charge for in-bound data transfer across all AWS services in all regions?
One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is:
It allows the business to focus on business activities.
What are the most significant architectural benefits of the way AWS designed its regions? (Select TWO.)
It can make applications available to end users with lower latency. C. It can make applications more compliant with local regulations
Which of the following is true of a new security group
It contains an outbound rule allowing access to any IP address.
Which statement best describes Elastic Load Balancing
It distributes incoming application traffic across one or more Amazon EC2 instances.
How does AWS shorten the time to provision IT resources
It provides the ability to programmatically provision existing resources
You want to improve the resilience of your EC2 web server. Which of the following is the most effective and efficient approach?
Launch parallel, load-balanced instances in multiple Availability Zones within a single AWS Region.
Which of the following best describes server virtualization
Logically partitioning physical compute and storage devices into multiple smaller virtual devices
Compared with costs in traditional and virtualized data centers, AWS has:
Lower variable costs and lower upfront costs.
Which of the following is AWS's responsibility under the AWS shared responsibility model
Maintaining physical hardware
What can be done using IAM
Manage IAM Users and their access: You can create Users and assign them individual security credentials (access keys, passwords, and multi-factor authentication devices). You can manage permissions to control which operations a User can perform. Manage IAM Roles and their permissions: An IAM Role is similar to a User, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a Role is intended to be assumable by anyone who needs it. Manage federated users and their permissions: You can enable identity federation to allow existing users in your enterprise to access the AWS Management Console, to call AWS APIs and to access resources, without the need to create an IAM User for each identity.
What is the main purpose of Amazon Route 53?
Managing domain name registration and traffic routing
Which of the following components is included in the value proposition of the AWS Cloud
Massive economies of scale
Which of the following is the primary benefit of using CloudFront distributions?
Reduced latency access to your content no matter where your end users live
A company will be moving from an on-premises data center to the AWS Cloud. What would be one financial difference after the move
Moving from upfront capital expense (capex) to variable operational expense (opex).
Which of the following is a best practice for adding an additional layer of security when logging into AWS Management Console
Multi-factor authentication (MFA)
Which parts of the AWS infrastructure support increased resilience
Multiple Availabilities Zones in within a Region
Which of the following Route 53 routing policies can return set of randomly ordered values?
Multivalue Answer
Which of the following does NOT belong to the AWS Cloud Computing models
Networking as a Service (Naas)
Is it always possible to request service limit increases from AWS?
No. Some service limits are hard
Which of the following is a limitation of the AWS Simple Monthly Calculator
Not all AWS services are included
What is the difference between the On-Demand, Reserve, Spot, and Dedicated instance purchase types? What are the default term options for a Reserve Instance?
On-Demand instance purchase types are the most expensive pricing tier. You pay for every hour that the instance is running regardless of if you are actually using it. This is beneficial for workloads that need to run for a limited time without interruption. Reserve instance purchase types are beneficial if your application has to run uninterrupted for more than a month at a time. Once you have this purchase type, it will be applied to any instance you launch in the specific AWS region. Spot instance purchase types are for workloads that do not need to run constantly and can live through shutdowns. This Is the cheapest option.Dedicated instance purchase types are kept single at the host level from instances that belong to other accounts. It is meant for a single customer and only them. The default term options for a reserved instance are one or three year terms. This can be paid upfront, partial upfront or not upfront at all. The more you pay at the beginning, the less it will cost overall.
Which of the pillars of the Well-Architected Framework is defined as the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
Operational excellence
How do customers benefit from Amazon's massive economies of scale
Periodic price reductions as the result of Amazon's operational efficiencies
Which of the following is not a setting you can configure in a Cost budget
Owner (username of resource owner
Which of the following standards governs AWS-based applications processing credit card transactions?
PCI DSS
Under the shared responsibility model, which of the following is a shared control between a customer and AWS
Patch management
Which of the following common IT tasks can AWS cover to free up company IT resources
Patching databases software, Backing up databases
Which of the following options describes the most common AWS billing model
Pay as you go
One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is:
Paying only for time used.
According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances
Penetration testing can be performed by the customer on their own instances without prior authorization from AWS
For which auditing process does AWS have sole responsibility
Physical security
power user
Policy that provides full access to AWS services and resources, but does not allow management of users and groups.
Which of the following AWS services are not likely to benefit from Amazon edge locations? (Select TWO.)
RDS,Elastic Block Store (EBS)
Which of the following are the features of Amazon CloudWatch Logs
Real-time monitoring, Adjustable retention
The financial benefits of using AWS are:
Reduced Total Cost of Ownership (TCO), Reduced operational expenditure (opex).
What is the advantage of the AWS-recommended practice of decoupling applications?
Reduces inter-dependencies so that failures do not impact other components of the application
When you request a new virtual machine instance in EC2, your instance will automatically launch into the currently selected value of which of the following
Region
Which of the following is a correct relationship between regions, Availability Zones, and edge locations
Regions contain Availability Zones
Which of the following will probably not affect the pricing for an AWS service?
Requests for raising the available service limit
Which of the following are requirements you can include in an IAM password policy? (Select THREE.)
Require at least one uppercase letter. B. Require at least one number., Require at least one nonalphanumeric character.
1, 3
Reserved instances require a ___ or _____ year purchase term, so you are committing to pay for them throughout this time period even if you don't use them.
Which of the following design strategies is most effective for maintaining the reliability of a cloud application?
Resource redundancy
Which statement is true regarding the AWS shared responsibility model
Responsibilities vary depending on the service used
Which service provides DNS in the AWS cloud
Route 53
Which of the following are not globally based AWS services? (Select TWO.)
Route 53 and Cloud Front
S3 Glacier Deep Archive
S3 Storage type. Amazons lowest cost storage class where a retrieval time of 12 hours is acceptable.
Which of the following is one of the first places you should look when troubleshooting a failing application
Service Health Dashboard
Which of the following best describes Infrastructure as a Service products
Services that give you direct control over underlying compute and storage resources
Which of the following best describes Platform as a Service products
Services that hide infrastructure complexity behind a simple interface
Which of the following best describes Software as a Service products
Services that provide a service to end users through a public network
What are the security aspects that the AWS customer is responsible for? (Choose two)
Set password complexity rules & configuring network access rules
A startup company is operating on limited funds and is extremely concerned about cost overruns. Which of the below options can be used to notify the company when their monthly AWS bill exceeds $2000
Setup a CloudWatch billing alarm that triggers an SNS notification on their email address
Which of the following Route 53 routing policies doesn't use health checks
Simple
Which of the following best describes scalability?
The ability of an application to automatically add preconfigured compute resources to meet increasing demand
Which of the following best describes elasticity
The ability of an application to increase or decrease compute resources to match changing demand
Which of the following are advantages of AWS consolidated billing
The ability to receive one bill for multiple accounts, Potential volume discounts, as usage in all accounts is combined
What is the AWS best practice for the Account Root User?
The best AWS practice for the Account Root User is to create individual IAM users for anyone that has to use your account and when creating an account for yourself it is important to give yourself user administration permissions and all of the work. This is important because you can change the admissions for each account that is created and you can take them away.
Which of the following most accurately describes a subnet within the AWS ecosystem
The block of IP addresses assigned for use within a single Availability Zone
What is the difference between an Account Root user and IAM User
The difference between an Account Root User and IAM User is that with the Account Root User you have full access to all of the resources that are in that account and that you are only allowed to use those resources that are allowed under the account that you have. But, with the IAM User, you have the ability to safely have access to AWS services and resources for any user within that AWS Account. Under IAM you can manage access to AWS services and user permissions to allow or deny an account's access to the AWS resources.
What is the difference between an IAM Policy and an IAM Permission?
The difference between an IAM Policy and an IAM permission is that an IAM Policy is something in AWS that when associated with an account or resource, it defines what permissions are available to it. These policies define what type of permissions are required for an account. An IAM permission is something that determines if an action is allowed or denied.These permissions grant access to a specific resource in AWS.
What are the difference between the different EBS volume types?
The difference between the EBS volume types are performance characteristics and price. EBS has SSD (solid state drive) and HDD (hard disk drive) volume types. SSD is faster, but often costs more. These EBS volumes also have a "provisioned / optimized" that guarantees a specific data transfer rate over total storage.
What is the difference between the AWS Simple Monthly Calculator and the Total Cost Calculator
The difference between the two is that the AWS Total Cost Calculator allows you to compare the prices between using AWS and using the on-premises servers and databases. The AWS Simple Monthly Calculator only tells you how much it would cost for using applications and services on AWS.
Which of the following characteristics most help AWS provide such scalable services? (Select TWO.)
The enormous number of servers it operates, Its highly automated infrastructure administration systems
What is the purpose of cost allocation tags
To help you identify resources for the purpose of tracking your account spending
What is the purpose of Amazon Glacier?
The purpose of Amazon Glacier is to provide a secure and long-lasting service for data archiving and long-term backup. (low cost)This is done by delivering comprehensive security and capabilities that can meet whatever you need. It is designed to protect the integrity of uploaded data and allow for anytime-anywhere recovery.
What is the difference between and what is the purpose of an IAM Group and IAM Role? and for what purpose
The purpose of a IAM Role is to define the limits of what is able to be accomplished within your AWS account. It is different from an IAM group because IAM Roles are mostly used by applications and services instead of people. The purpose of an IAM Group is to make it easier for your organization when you are adding more members to your AWS infrastructure. When using IAM groups, you are able to create someone an IAM user account and add them to a specific group and that user would automatically receive all of the permissions that are entitled to that group.
What is the purpose of a VPC and a NACL?
The purpose of a VPC is to allow you to launch Amazon Web Services into a virtual network that you have created. This virtual private cloud is only for your account. This resembles a network that would be used in your own data center. The VPC is isolated from other virtual networks in the AWS Cloud.The purpose of a NACL is to act as a firewall for directing incoming and outgoing traffic in one or more subnets. It is an optional layer of security to your VPC.
What is the purpose of the AWS Simple Monthly Calculator and the AWS TCO calculator ?
The purpose of the AWS Simple Monthly Calculator is to allow you to see the monthly cost of Amazon Web Services for you based on the applications and services that you use. You are also able to see what it will cost if you use any of the AWS resources. When using the AWS Simple Monthly Calculator, you put in the description, instances, usage and type to see how much it is going to cost you.The purpose of the AWS TCO calculator is to help you compare the on-premises costs of running your application with how much it would cost if you used AWS. By using the AWS TCO calculator you are able to see how you can save money and if it would be cheaper if you used AWS. When using the AWS TCO calculator, you plug in On-Premises and the AWS region you would use and then you put in the specific hardware configuration, type and amount of data storage you are using. Then, when you are done, you receive a report so you can see the costs for everything if you use AWS or if you use the On-Premises services.
Which of the following is not an included parameter in the AWS Total Cost of Ownership Calculator?
The tax implications of a cloud deployment
What are the three data retrieval options for Amazon Glacier?
The three data retrieval options for amazon glacier are expedited, standard and bulk. In expedited, it takes 1 to 5 minutes and is only 3 cents per gigabyte on the east coast. Standard retrievals is the default option and is 1 cent per gigabyte on the east coast. The bulk retrieval option is the lowest cost option and is complete in 5 to 12 hours.
What will IAM users with AWS Management Console access need to successfully log in?
Their username and password
What determines the order by which subnets/AZ options are displayed in EC2 configuration dialogs
They (appear) to be displayed in random order.
What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact?
They attest to AWS infrastructure compliance with data accountability standards like Sarbanes-Oxley.
EMR
This service enables businesses, researches, data analysts, and developers to easily and cost effectively process vast amounts of data. It uses a hosted Hadoop framework running on the web-scale infrastructure of EC2 and S3.
Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing
Three-year, All Upfront, Standard RI pricing
What does it mean to authenticate? what are the three type of authentication methods a user can use to connect to their AWS Cloud environment? and What does it mean to use MFA to authenticate?
To authenticate means to validate or to verify that it is you who are using the account or device. The three types of authentication methods a user can use to connect to their AWS Cloud environment are a Universal 2nd Factor, MFA-compliant Device, such as YubiKey, or a smartphone with the Authenticator app installed. When you use MFA to authenticate, it adds extra security because you have to use a second device that provides a code or credentials for you to use when you have to authenticate that it is you using the device. It requires more than one form of authentication to verify your login credentials.
What is the primary goal of autoscaling
To ensure that a predefined service level is maintained regardless of external demand or instance failures
Which of the following is an advantage of consolidated billing on AWS
Volume pricing qualification
You have two EC2 instances hosting a web application. You want to distribute 20 percent of traffic to one instance and 80 percent to the other. Which of the following Route 53 routing policies should you use?
Weighted
Which of the following AWS concepts refer to "Established best practices developed through lessons learned by working with customers"
Well architected framework
a,c
What are the benefits of using Amazon EC2 instances compared to physical servers in your infrastructure? (select 2) a. pay only for the capacity you use b. automatic automated backups c. the ability to have different storage requirements d. the ability to hot-add additional RAM e. resizable
pay as you go, pay for what you use, pay less as you use more, pay even less when you reserve capacity.
What is the basic pricing philosophy for AWS services?
Elasticity
What term refers to the power to scale computing resources up or down easily?
According to the AWS Shared Responsibility Model, what's the best way to define the status of the software driving an AWS managed service
Whatever the customer can control (application code and/or configuration settings) is the customer's responsibility.
Launch permissions, user defined tags, S3 bucket permissions
When copying an AMI, which of the following types of information must be manually copied to the new instance? (Choose 3) Launch permissions User defined tags user data S3 Bucket permissions
Developer
Which AWS support plan allows one contact to open unlimited cases?
Amazon VPC Elastic Beanstalk CloudFormation IAM Auto-Scaling OpsWorks
Which Amazon services are offered at no-charge? (list 6)
b,c
Which of the following URL formats does S3 support in pointing to a bucket "mynewbucket"? (Choose 2) a. http://mynewbucket.s3.aws-region.amazonaws.com b. http://s3-aws-region.amazonaws.com/mynewbucket c. http://mynewbucket.s3-aws-region.amazonaws.com d. http://s3-aws-region.amazon.com/mynewbucket
a,c
Which of the following are benefits of the AWS's Relational Database Service (RDS)? (Choose 2) a. Automated patches and backups b. it allows you to store unstructured data. c. you can resize capacity accordingly d. it allows you to store NoSQL data e. scales automatically
EC2 and RDS
Which of the following services should you implement in multiple AZs in order to achieve high availability (choose 2) DynamoDB Simple Storage Service EC2 RDS SQS
Region
You can choose the geographical AWS _________ where S3 will store the buckets that you create. You might choose one to optimize latency, minimize costs, or address regulatory requirements.
How can federated identities be incorporated into AWS workflows? (Select TWO.)
You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app, You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS.
Which of the following are true about registering a domain name with Route 53? (Select TWO.)
You can register a domain name for a term of up to 10 years., Route 53 creates a public hosted zone for the domain.
IAM
You can use _______ to manage access to your S3 resources.
Which of the following is NOT correct regarding Amazon EC2 On-demand instances
You have to pay a start-up fee when launching a new instance for the first time
d
You need to add a route table that will allow connections to the internet from your subnet. Which of the following routes should you add? a. Destination: 192.168.1.258/0 --> Target: your internet gateway b. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24 c. Destination: 0.0.0.0/33 --> Target: your virtual private gateway d. Destination: 0.0.0.0/0 --> Target: your internet gateway
What does the "Principle of Least Privilege" refer to
You should grant your users only the permissions they need when they need them and nothing more
Who manages NAT Instances?
You, NAT instances are managed by you.
S3
____ provides developers and IT teams with secure, durable, highly scalable object storage. It is easy to use, with a simple web interface to store and retrieve any amount of data from anywhere on the web.
EC2
_____ is just a virtual server (or servers) in the cloud It reduces the time required to obtain and boot new server instances to minutes, by allowing you to quickly scale capacity, both up and down, as your computing requirements change
EBS
_____ provides customizable block storage for EC2 instances
EC2
______ is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Reduces the time required to obtain & boot new server instances to minutes.
EC2
______ is a web service that provides resizable computing capacity in the cloud.
public access
_______ ______ is granted to buckets and object through access control lists, bucket policies, or both.
Amazon S3
_______ _______ is storage for the Internet. You can use it to store and retrieve any amount of data at any time, from anywhere on the web
c,e
a client is concerned that someone other than approved administrators is trying to gain access to the linux web app instances in their VPC. She asks what sort of network access logging can be added. Which of the following might you recommend. (choose 2) a. set up a traffic logging rule on the VPC firewall appliance and direct the log to CLoudWatch or S3 b. use event log filters to trigger alerts that are forwarded to cloudwatch. c. make use of an OS level logging tools such as iptables and log events to CloudWatch or S3. d. Set up Flow Log for the group of instances and forward them to S3. e. Set up a Flow Log for the group of instances and forward them to cloudwatch.
What happens when you use Amazon Virtual Private Cloud (Amazon VPC) to create a new VPC? (
a main route is made by default
What is Amazon Route 53 a. A highly available and scalable Domain Name System (DNS) web service b. A monitoring and management service that collects and tracks metrics c. A fast and flexible nonrelational database service for all applications that need consistent, single-digit millisecond latency at any scale. d. A cloud service solution that establishes private connectivity between AWS and your data center, office, or colocation environment.
a. A highly available and scalable Domain Name System (DNS) web service
Who is responsible for security of the cloud according to the shared responsibility model? a. AWS b. Customer c. AWS Support d. IAM roles
a. AWS
Which AWS service enable you to repeatedly and predictably provision resources to power your applications? a. AWS CloudFormation b. AWS Cloud Map c. AWS CloudTrail d. Amazon CloudFront
a. AWS CloudFormation
Which of the following is a best practice for adding an additional layer of security when logging into the AWS Management Console? a. Root access permissions b. Multi-factor authentication (MFA) c. Secondary password d. Secondary user name
b. Multi-factor authentication (MFA)
Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO) a. AWS CloudFormation b. AWS CodePipeline c. AWS Management Console d. AWS Concierge e. AWS Systems Manager
a. AWS CloudFormation c. AWS Management Console You can launch a new RDS database cluster using the AWS Management Console, AWS CLI, and AWS CloudFormation. The AWS Management Console provides a web-based way to administer AWS services. You can sign in to the console and create, list, and perform other tasks with AWS services for your account. These tasks might include starting and stopping Amazon EC2 instances and Amazon RDS databases, creating Amazon DynamoDB tables, creating IAM users, and so on. The AWS Command Line Interface (CLI), on the other hand, is a unified tool to manage your AWS services.
Which service should a company use to centrally manage policies and consolidate billing across multiple AWS accounts? a. AWS Organizations b. AWS Trusted Advisor c. AWS Budgets d. AWS Config
a. AWS Organizations AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.
A company is planning to launch a new system in AWS but they do not have an employee who has an AWS-related expertise. Which of the following can help the company to design, architect, build, migrate, and manage their workloads and applications on AWS? a. AWS Partner Network Consulting Partners b. AWS Partner Network Technology Partners c. AWS Marketplace d. Technical Account Management
a. AWS Partner Network Consulting Partners The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb customer experiences. This is accomplished by developing a global ecosystem of Partners with specialties unique to each customer's needs. There are two types of APN Partners: 1. APN Consulting Partners 2. APN Technology Partners
Your company is developing a critical application, and the security of the application is one of the top priorities. Which of the following AWS service will provide recommendations for security optimization for your infrastructure? a. AWS Trusted Advisor b. Amazon CloudWatch c. Amazon Inspector d. Amazon Aurora
a. AWS Trusted Advisor
Which of the following tasks is the customer's responsibility when creating Amazon VPC security groups? a. Adding rules regarding inbound traffic to the security group b. Choosing the level of physical security for the network c. Ensuring that the security groups are linked to Amazon EC2 d. Selecting an appropriate load balancing strategy for the network routers
a. Adding rules regarding inbound traffic to the security group
Which of the following are the things that Amazon CloudWatch Logs can accomplish? (Select TWO) a. Adjust the retention policy for each log group b. Create alarms that automatically stop, terminate, reboot, or recover your EC2 instances. c. Store your log data at absolutely no charge d. Record AWS Management Console actions and API calls e. Monitor application logs from Amazon EC2 Instances.
a. Adjust the retention policy for each log group e. Monitor application logs from Amazon EC2 Instances. You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service
You need to host a new Microsoft SQL Server database in AWS for an urgent project. Which AWS services should you use to meet this requirement? (Select TWO) a. Amazon Relational Database Service (Amazon RDS) b. Amazon EC2 c. Amazon Redshift d. Amazon Aurora Backtrack e. Amazon Aurora
a. Amazon Relational Database Service (Amazon RDS) b. Amazon EC2 Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need and select from a number of versions and editions. SQL Server on Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) gives you complete control over every setting, just like when it's installed on-premises. Amazon Relational Database Service (Amazon RDS) is a fully managed service that takes care of all the maintenance, backups, and patching for you
You have am application composed of individual services and you need to route a request to a service based on the content of the request. What type of load balancer should you use? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. VPN Load Balancer
a. Application Load Balancer
_________ is one of the components of AWS Global Infrastructure which consists of one or more discrete data centers each with redundant power, networking, and connectivity, and housed in separate facilities. a. Availability Zone b. VPC c. Edge location d. AWS Region
a. Availability Zone The AWS Cloud infrastructure is built around AWS Regions and Availability Zones. An AWS Region is a physical location in the world where we have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
Which of the following cloud architecture principles below is followed if you distribute your workloads across multiple Availability Zones in AWS as well as using Amazon RDS Multi-AZ? a. Design for failure b. Decouple your components c. Think parallel d. Implement elasticity
a. Design for failure
You have an application composed of individual services. You need to route a request to a service based on the content of the request. Which service would you use? a. Elastic Load Balancing b. EC2 Auto Scaling c. Amazon Route S3 d. AWS CloudTrail
a. Elastic Load Balancing
Which of the following is true on how AWS lessens the time to provision your IT resources? a. It provides various ways to programmatically provision IT resources b. It provides an AI-powered IT ticketing platform for fulfilling resource requests c. It provides express service to deliver your servers to you data centers faster d. It provides an automated system of requesting and fulfilling IT resources from third-party vendors.
a. It provides various ways to programmatically provision IT resources With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster. AWS provides you various ways and tools to programmatically provision IT resources such as AWS CLI, AWS API and the web-based AWS Management Console.
Which of the following is a key financial benefit of migrating systems hosted on your on-premises data center to AWS? a. Opportunity to replace upfront capital expenses (CAPEX) with low variable costs b. Opportunity to replace upfront operational expenses (OPEX) with low variable operational expenses (OPEX) c. Opportunity to replace variable capital expenses (CAPEX) with low upfront costs. d. Opportunity to replace variable operational expenses (OPEX) with low upfront capital expenses (CAPEX)
a. Opportunity to replace upfront capital expenses (CAPEX) with low variable costs
Which Amazon EC2 instance purchasing option lets you take advantage of unused EC2 capacity in the AWS Cloud and provides up to a 90% discount compared to On-Demand prices? a. Spot Instance b. Convertible Reserved Instance c. Standard Reserved Instance d. Dedicated Host
a. Spot Instance Lets you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices.
What are the benefits of using Amazon EC2 instances compared to physical servers in your infrastructure? (Select two) a. The ability to have different storage requirements b. Resizible c. The ability to and additional RAM d. Automatic automated backups e. Pay only for the capacity you use
a. The ability to have different storage requirements e. Pay only for the capacity you use
Which of the following AWS concepts refers to "Established best practices developed through lessons learned by working with customers"? a. Well-Architected Framework b. Reference architecture c. Security of the Cloud d. AWS Trusted Advisor
a. Well-Architected Framework
Which AWS networking service enables a company to create a virtual network within AWS?
amaxon virtual private cloud
What is a managed policy
are pre-built policies (built either by AWS or by your administrators) that can be attached to IAM Users and Groups. When the policy is updated, the changes to the policy are immediately apply against all Users and Groups that are attached to the policy.
data pipeline
aws ________ _______ is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on premises data sources. It integrates with on premise and cloud based storage systems to allow developers to use their data when they need it, where they want it, and in the required format.
Where can a customer go to get more details about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 months ago? (Select the best answer.)
aws cost explorer
Which component of AWS Global Infrastructure does Amazon CloudFront use to ensure low-latency delivery?
aws edge locations
Which component of the AWS Global Infrastructure does Amazon CloudFront use to ensure low-latency delivery? (Select the best answer.)
aws edge locations
Which of the following are geographic areas that host two or more Availability Zones? (Select the best answer.)
aws regions
Which of the following best describes what CloudWatch is? a. An automated security assessment service b. A metric repository c. An audit service that records all API calls made to your AWS account d. A rules repository
b. A metric repository
Which parts of the AWS infrastructure support increased resilience? a. Multiple Regions distributed globally b. Multiple Availability Zones within a Region c. Multiple edge locations with a Region d. Multiple AWS Direct Connet (DX) gateways within a data center
b. Multiple Availability Zones within a Region
A company has hybrid cloud architecture where their on-premises data center interacts with their cloud resources in AWS. Which of the following services in AWS could you use to deploy a web application to servers running on-premises? (Select TWO) a. AWS CloudFormation b. AWS OpsWorks c. AWS Elasitc Beanstalk d. AWS Batch e. AWS CodeDeploy
b. AWS OpsWorks e. AWS CodeDeploy OpsWorks - AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet. CodeDeploy - AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.
Which of the following is a managed Distribution Denial of Service (DDoS) protection service? a. AWS Trusted Advisor b. AWS Shield c. AWS Identity and Access Management d. Amazon Inspector
b. AWS Shield
Which of the following is capable of inspecting your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps? a. AWS Cost Explorer b. AWS Trusted Advisor c. AWS Inspector d. AWS Budgets
b. AWS Trusted Advisor This is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps. Cost Optimization Security Fault Tolerance Performance Service Limits
Which of the following is a responsibility of the customer according to the shared responsibility model? a. Physical security of the facilities in which the services operate b. AWS identify and Access management (IAM) c. Protection of the global infrastructure d. Availability of third-party audit reports
b. AWS identify and Access management (IAM)
A company which has a basic support plan needs resources to deploy, test, and improve their AWS environment. Which of the following can they use for free? a. Technical Account Manager b. AWS online documentation, whitepapers, blogs and support forums c. AWS Support API for programmatic case management d. In-person classes with an accredited AWS instructor
b. AWS online documentation, whitepapers, blogs and support forums
Which AWS service should you use if you need to launch a highly scalable MySQL database? a. Amazon DynamoDB b. Amazon Aurora c. Amazon Redshift d. Amazon ElastiCache
b. Amazon Aurora This service is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
Which of the following services provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health? a. AWS Cloud9 b. Amazon CloudWatch c. AWS CloudFormation d. AWS CloudTrail
b. Amazon CloudWatch
Which service sends notifications or automatically makes changes to the resources being monitored based on rules you established? a. Amazon EC2 b. Amazon CloudWatch c. Elastic Load Balancing d. Amazon Aurora
b. Amazon CloudWatch
Which of the following instance types provides you with a significant discount compared to On-Demand Instance pricing? a. Amazon EC2 Instant Instance b. Amazon EC2 Reserved Instance c. Amazon EC2 Dedicated Hosts d. Amazon EC2 Dedicated Instances
b. Amazon EC2 Reserved Instance
Which AWS services should you use to store rapidly changing data with low read and write latencies? (Select TWO) a. Amazon S3 b. Amazon RDS c. Amazon AppStream 2.0 d. Amazon EBS d. AWS Snowball
b. Amazon RDS d. Amazon EBS Data that must be updated very frequently might be better served by a storage solution with lower read / write latencies, such as Amazon EBS volumes, Amazon RDS or other relational databases, or Amazon DynamoDB.
What is Elastic Load Balancing? a. Automatically stopping traffic when targets get overloaded b. Automatically distributing traffic across multiple targets c. Automatically slowing traffic to decrease latency d. Automatically monitoring traffic to ensure that cost are kept beneath a specified threshold
b. Automatically distributing traffic across multiple targets
Which components of the AWS infrastructure can be described as multiple, isolated locations within on geographic area? a. S3 Buckets b. Availability Zones c. Regions d. Edge Locations
b. Availability Zones
Which of the following is an advantage of using managed services like RDS, ElastiCache, and CloudSearch in AWS? a. Simplifies all of your OS patching and backup activities to help keep your resources current and secure b. Better performance than customer-managed services such as EC2 instances. c. Automatically scales the capacity without any customer intervention d. Frees up the customer from the task of choosing and optimizing the underlying instance type and size of the service
b. Better performance than customer-managed services such as EC2 instances.
You have been tasked with distributing a newsletter that will be pushed out to administrators by email. Which of the following is the best solution? a. Route the newsletters to an Amazon ElastiCache store b. Create a topic in Amazon Simple Notification Service (Amazon SNS) that administrators can subscribe to. c. Store the letters in an Amazon S3 bucket and distribute them with AWS CloudTrail d. Create a messaging queue in Amazon CloudFront
b. Create a topic in Amazon Simple Notification Service (Amazon SNS) that administrators can subscribe to.
Which component of the AWS global infrastructure supports the caching of content for faster access? a. AWS Direct Connect locations b. Edge locations c. Availability Zones d. Regions
b. Edge locations
In AWS Trusted Advisor, which of the following options are included among the five categories being considered to analyze your AWS environment and provide the best practice recommendations? (Select TWO) a. Instance Usage b. Fault Tolerance c. Performance d. Infrastructure e. Storage Capcity
b. Fault Tolerance c. Performance This is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps. Cost Optimization Security Fault Tolerance Performance Service Limits
Which of the following statements is true of Amazon Virtual Private Clouds (VPC)? a. Each AWS account can have one VPC associated with in b. You can create many subnets in a VPC though fewer is recommended to limit complexity c. Each VPC is a private, dedicated network connected from you premises to AWS d. A VPC acts as a physical firewall to your cloud infrastructure
b. You can create many subnets in a VPC though fewer is recommended to limit complexity
What is the minimum number of Availability Zones that you should set up for your Application Load Balancer in order to create a highly available architecture? a. 3 b. 1 c. 2 d. 4
c. 2 A load balancer serves as the single point of contact for clients. Clients send requests to the load balancer, and the load balancer sends them to targets, such as EC2 instances, in two or more Availability Zones. At the very minimum, you have to select at least two Availability Zones from your VPC. To configure your load balancer, you have to create target groups and then register targets with your target groups. You also create listeners to check for connection requests from clients, and listener rules to route requests from clients to the targets in one or more target groups.
Which of the following defines the AWS Command Line Interface (AWS CLI)? a. A systematic approach to evaluating and implementing architectures b. Packages that enable access to AWS in a variety of programming languages. c. A suite of utilities that can be launched from a command program in Linux, macOS, or Windows. d. A rich graphical interface to majority of the features offered by AWS.
c. A suite of utilities that can be launched from a command program in Linux, macOS, or Windows.
Which of the following statements best describes AWS Trusted Advisor? a. A tool that estimates savings when using AWS and provides a detailed set of reports b. A tool that helps customers estimate their monthly AWS bill more efficiently c. A tool the provides you real time guidance to help you provision your resources following AWS best practices. d. A tool that enables you to view and analyze your costs and usage.
c. A tool the provides you real time guidance to help you provision your resources following AWS best practices.
For security audit, a company needs to download the compliance-related documents in AWS such as ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. Which of the following should they use to retrieve these files? a. AWS Trusted Advisor b. AWS Certificate Manager c. AWS Artifact d. AW CloudTrail
c. AWS Artifact This service is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
Which of the following Cost Management Tools allows you to track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that was charged to your resources? a. AWS Systems Manager b. AWS Budgets c. AWS Cost and Usage report d. AWS Cost Explorer
c. AWS Cost and Usage report This service is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice.
Which of the following shares a collection of offerings to help you achieve specific business outcomes related to enterprise cloud adoption through paid engagements in several specialty practice areas? a. Concierge Support b. AWS Technical Account Manager c. AWS Professional Services d. AWS Enterprise Support
c. AWS Professional Services Shares a collection of offerings to help you achieve specific outcomes related to enterprise cloud adoption. Each offering delivers a set of activities, best practices, and documentation reflecting our experience supporting hundreds of customers in their journey to the AWS Cloud. AWS Professional Services' offerings use a unique methodology based on Amazon's internal best practices to help you complete projects faster and more reliably while accounting for evolving expectations and dynamic team structures along the way. It created the AWS Cloud Adoption Framework (AWS CAF) to help organizations design and travel an accelerated path to successful cloud adoption.
A company is planning to adopt a hybrid cloud architecture with AWS. Which of the following can they use to assist them in estimating their costs? (Select TWO) a. AWS Cost Explorer b. Consolidated Billing c. AWS Simple Monthly Calculator d. Cost Allocation Tag e. AWS Total Cost of Ownership (TCO) Calculator
c. AWS Simple Monthly Calculator e. AWS Total Cost of Ownership (TCO) Calculator
Users from different parts of the globe are complaining about the slow performance of the newly launched photo-sharing website in loading their high-resolution images. Which combination of AWS services should you use to serve the files with lowest possible latency? (Select TWO) a. Amazon Glacier b. AWS Storage Gateaway c. Amazon CloudFront d. Amazon S3 e. Amazon Elastic File System
c. Amazon CloudFront d. Amazon S3 You can configure your application to deliver static content and decrease the end-user latency using Amazon S3 and Amazon CloudFront. High-resolution images, videos, and other static files can be stored in Amazon S3. CloudFront speeds up content delivery by leveraging its global network of data centers, known as edge locations, to reduce delivery time by caching your content close to your end-users. CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon Elastic Load Balancing load balancer or your own web server, when it's not already in an edge location. CloudFront can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content. You can set your Amazon S3 bucket as the origin of your CloudFront web distribution.
Which statement below is correct regarding the components of the AWS Global Infrastructure? a. An edge location contains multiple AWS Regions b. An Availability Zone contains multiple AWS Regions c. An AWS Region contains multiple Availability Zones d. An Availability Zone contains edge locations
c. An AWS Region contains multiple Availability Zones
A company is using Amazon S3 to store their static media contents such as photos and videos. Which of the following should you use to provide specific users access to the bucket? a. Security Group b. SSH Key c. Bucket Policy d. Network Access Control List
c. Bucket Policy
What are the things that you can implement to improve the security of your Identity and Access Management (IAM) users? (Select TWO) a. Configure a strong password policy for your users b. Block incoming traffic via network ACL c. Enable Multi-Factor Authentication (MFA) d. Enable AWS Mobile Push Notification
c. Enable Multi-Factor Authentication (MFA)
A company is in the process of choosing the most suitable AWS Region to migrate their applications. Which of the following factors should they consider? (Select TWO) a. Potential volume discounts for the specific AWS Region b. Proximity of your end-users for on-site visits to your on-premises data center c. Enhance customer experiences by reducing latency to users d. Support country-specific data sovereignty compliance requirements
c. Enhance customer experiences by reducing latency to users d. Support country-specific data sovereignty compliance
Which of the following is true regarding Elastic Load Balancing? a. It automatically increases or decreases the number of instances as the demand of your application changes b. It translates domain names into numeric IP addresses that Amazon EC2 instances use to connect to each other. c. It distributes incoming application traffic across multiple targets such as Amazon EC2 instances, in multiple Availability Zones. d. It is a virtual server that allows you to run applications in the AWS Cloud
c. It distributes incoming application traffic across multiple targets such as Amazon EC2 instances, in multiple Availability Zones. It automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones.
Which of the following is a key design principle when running an application in AWS? a. Logical coupling b. Semantic coupling c. Loose coupling d. Tight coupling
c. Loose coupling
Which of the following is NOT a pillar of the AWS Well-Architected Framework? a. Cost Optimization b. Operational Excellence c. Persistence d. Security
c. Persistence
Your web application requires temporary authorization to use AWS services. Which IAM entity should be used? a. Group b. MFA c. Role d. User
c. Role
Which of the following statements best describes Amazon CloudFront? a. Provides topics for high-throughout, push-based, many to many messaging b. Provides a common language for you to describe and provision all the infrastructure resources in you cloud environmnet c. Speeds up the delivery of your content to viewers across the globe. d. Provides you with data and actionable insights to monitor your applications
c. Speeds up the delivery of your content to viewers across the globe.
Which of the following examples best demonstrates the agility that cloud computing offers? a. Protect your data by centralizing your applications in one Availability Zone b. Quickly deploy multi-factor authentication (MFA) to multiple data centers c. Spin up servers in minutes, and shut down servers when you don't need them. d. Increase network throughout with AWS Direct Connect (DX) nodes.
c. Spin up servers in minutes, and shut down servers when you don't need them.
Which category of services includes Amazon S3? a. Security b. Migration c. Storage d. Computing
c. Storage
Which of the following can you use to connect your on-premises data center and your cloud architecture in AWS? (Select TWO) a. VPC Peering b. NAT Gateway c. Virtual Private Gateway (VPC) d. Egress-Only Internet Gateway e. Amazon Route 53
c. Virtual Private Gateway (VPC) e. Amazon Route 53 An Amazon VPC VPN connection can link your data center (or network) to your Amazon Virtual Private Cloud (VPC). A customer gateway is the anchor on your side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Which of the following below are the benefits of using Consolidated billing in AWS? (Select TWO) a. Consolidate together the billing and payment of both AWS accounts and Amazon Internet Service b. Consolidate using the bills from multiple AWS accounts for only $1 every month c. You get one bill for multiple accounts d. Allow member account to pay the charges of all the master accounts e. Share the volume pricing and Reserved Instance discounts by combining the usage across all accounts in the organization
c. You get one bill for multiple accounts e. Share the volume pricing and Reserved Instance discounts by combining the usage across all accounts in the organization
Which of the following should be done by the AWS account root user? (Select the best answer.)
change the aws support plan
Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets? a. Classic Load Balancer b. Network Load Balancer c. Both Application Load Balancer and Network Load Balancer d. Application Load Balancer
d. Application Load Balancer This is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.
You need to launch a new EC2 Instance for a beta program which is scheduled to change its instance family, operating system and tenancy exactly 3 months after its trial period. Which type of Reserved Instance (RI) should you use? a. Zonal RI b. Standard RI c. Scheduled RI d. Convertible RI
d. Convertible RI Convertible Reserved Instances (RI) provide you with a significant discount (up to 54%) compared to On-Demand Instances and can be purchased for a 1-year or 3-year term. Purchase Convertible Reserved Instances if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term.
Which of the following allows you to categorize and track your AWS costs on a detailed level? a. Amazon Aurora Backtrack b. Consolidated Billing c. AWS Budgets d. Cost Allocation tags
d. Cost Allocation tags A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. A key can have more than one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses these tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.
A company has 70 employees divided into 10 departments. The IT admin wants to customize each departments access to AWS. Which of the following options is most appropriate? a. Make each employee an AWS account root user. b. Create an IAM role for each department, and assign IAM users to the roles. c. Create a temporary role for each employee, and revise their access as needed. d. Create an IAM Group for ach department and assign IAM users to the groups
d. Create an IAM Group for ach department and assign IAM users to the groups
Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses? a. Reserved Instance b. On-Demand Instance c. Dedicated Instance d. Dedicated Host
d. Dedicated Host
Users of your services are reporting latency. With on-premises architecture you would notify your Administrator to launch another server to balance the load. How can this be automated using AWS? a. Create six Amazon EC2 instances in different Availability Zones. b. Create a new template using AWS CloudFormation. c. Enable AWS CloudTrail to monitor latency issues. d. Enable an Amazon CloudWatch alarm to trigger a scaling policy.
d. Enable an Amazon CloudWatch alarm to trigger a scaling policy.
A company has web servers running on Amazon EC2 instances that access a RESTful API hosted on their on-premises data center. What kind of architecture is the company using? a. Software as a Service (SaaS) b. Serverless architecture c. Platform as a Service (PaaS) d. Hybrid architecture
d. Hybrid architecture Since the company has web servers running on Amazon EC2 instances that access a RESTful API hosted on their on-premises data center, they are considered to be using a hybrid cloud computing deployment model. Hence, the correct answer is Hybrid architecture
Which of the following IAM identities is associated with the access keys that are used in managing your cloud resources via the AWS Command Line Interface (AWS CLI)? a. IAM Policy b. IAM Role c. IAM Group d. IAM User
d. IAM User Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: 1. Access key ID (for example: AKIAIOSTUTORIALSDOJO) 2. Secret access key (for example: wJalrXUtnFEMI/K7MDENG/bTutorialsDojoKEY).
Which of the following components is included in the value proposition of the AWS Cloud? a. Fully independent development without parameters b. Informal security restrictions c. Physical relocation of your servers d. Massive economies of scale
d. Massive economies of scale
Which of the following is true regarding the Developer support plan in AWS? (Select TWO) a. Full access to the AWS Support API b. Recommended if you have business and /or mission critical workloads in AWS c. Has access to the full set of Trusted Advisor checks d. No access to the AWS Support API e. Limited access to the 7 Core Trusted Advisor checks
d. No access to the AWS Support API e. Limited access to the 7 Core Trusted Advisor checks
Which of the pillars of the well-Architected Framework is defined as the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures? a. Performance efficiency b. Security c. Reliability d. Operational excellence
d. Operational excellence
Which of the following options describes the most common AWS billing model? a. Annual Billing b. Pay in Advance c. Daily Billing d. Pay as you Go
d. Pay as you Go
What is the first step in getting started with AWS Lambda? a. Pay for estimated computer time b. Deploy an OS image c. Provision EC2 instances d. Upload your code
d. Upload your code
A company is designing a new cloud architecture for its mission-critical application in AWS which must be highly-available. Which of the following is the recommended pattern to meet this requirement? a. Make sure that each component of the application is high bandwidth and low-latency network connectivity using ENI's b. Deploy an Amazon EC2 Spot Fleet with a diversified allocation strategy. c Adopt a monolithic application architecture d. Using multiple Availability Zones to ensure that the application can handle the failure of any single component.
d. Using multiple Availability Zones to ensure that the application can handle the failure of any single component.
What is an Instance
is a virtual server in the AWS Cloud. You launch an instance from an Amazon Machine Image (AMI). The AMI provides the operating system, application server, and applications for your instance.
What is IAM
is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. AWs Identity and Access Management
what is amazon ec2
is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Availability Zones within a Region are connected over low-latency links. Which of the following is a benefit of these links
make synchronous replication of your data possible
0 bytes to 5TB
minimum and max file/ object size in S3?
Approximately how many different CloudFront edge locations are there?
more than 150
AWS highly recommends provisioning your compute resources across _______ Availability Zones.
multiple
You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? (Select the best answer.)
nat gateway
cost optimization, performance, security, fault tolerance, and service limits
what 5 high level categories of information does AWS Trusted Advisor supply?
a
what are AWS recommendations regarding root access keys? a. delete them b. save the in a secure place c. only share them with trusted people d. none of the above.
b,d
what are design principles for performance efficiency in the cloud? (Choose 2) a. implement security automation b. Use serverless architectures c. enable traceability d. go global in minutes.
compute, storage, and data transfer
what are the 3 fundamental characteristics you pay for in AWS?
Identity Access Management
what does IAM Stand for?
ECR (Elastic Container Registry)
what is the most appropriate means (service) for developers to store docker container images in the AWS Cloud?
AWS Simple Monthly Calculator
what tool can be used to estimate your monthly AWS bill?
bastion
when properly configured through the use of security groups and Network ACLs, the __________ essentially acts as a bridge to your private instances via the internet.
HTTP 200 code
when you upload a file to S3, you will receive an _______ _______ _______ if the upload was successful
developer
which AWS support plan includes Business hours access to Cloud Support Associated via email (only)?
enterprise
which aws support plan includes an unlimited number of cases created b an unlimited number of contacts to aws senior cloud support engineers by phone, email, or chat 24x7
linux; T2 instance
which instance types require an HVM AMI?
What is an Inline policy
which is a policy assigned to just one User or Group. Inline Policies are typically used to apply permissions for one-off situations.
What is a Nat gateway
which is used to provide internet connectivity to EC2 instances in the private subnets.
a,d
which of the following allows you to create a new RDS instance? (choose 2) a. management console b. AWS DMS c. AWS CloudFront d. AWS CloudFormation e. Lambda
c
which of the following can be used to call AWS services from different programming languages? a. CLI b. AWS Console c. SDKs d. IAM
glacier and storage gateway
which of the following services natively encrypts data at rest within an AWS region? (choose 2) storage gateway dynamoDB CloudFront Glacier SQS
b,c
which security procedures should you perform yourself even if you are using a managed service? (choose 2) a. database patching b. SSL/TLS c. activity logging d. disaster recovery.
AWS Config
with ___ ______, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and trouble shooting.
memory usage
you are a systems administrator and you need to monitor the health of your production environment. You decide to do this with CloudWatch. However, you notice that you cannot see the health of every important metric in the default dashboard. When monitoring the health of your EC2 instances, for which of the following metrics do you need to design a custom CloudWatch metric? Network in Memory Usage CPU usage disk read operations
lifecycle rules
you can define _______ _______ for objects in your bucket that have a well-defines lifecycle. For example, you can define a rule to archive objects one year after creation, or delete an object 10 years after creation.
versioning
you can use ____________ to keep multiple versions of an object in the same bucket.
a
you want to quickly deploy your .NET application on the AWS Cloud. Which of the following AWS Services can best help you? a. Elastic Beanstalk b. EC2 c. VPC d. SQS