Practice Exam 1 - Part 1 - Question 1 - 30
For a security audit, a company needs to download the compliance-related documents in AWS such as ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. Which of the following should they use to retrieve these files? 1) AWS Artifact 2) AWS CloudTrail 3) AWS Certificate Manager 4) AWS Trusted Advisor
1) AWS Artifact
Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO) 1) AWS Systems Manager 2) AWS CloudFormation 3) AWS CodePipeline 4) AWS Management Console 4) AWS Concierge
1) AWS CloudFormation 2) AWS Management Console
3 Ways to Launch an RDS Database
1) AWS Management Console 2) AWS CLI 3) AWS CloudFormation
Which of the following shares a collection of offerings to help you achieve specific business outcomes related to enterprise cloud adoption through paid engagements in several specialty practice areas? 1) AWS Professional Services 2) Concierge Support 3) AWS Technical Account Manager 4) AWS Enterprise Support
1) AWS Professional Services
There is a requirement to launch a new database in AWS where the customer assumes the responsibility and management of the guest operating system, including updates and security patches. Which of the following services should the customer use? 1) Amazon EC2 2) Amazon DocumentDB 3) Amazon DynamoDB 4) Amazon Aurora
1) Amazon EC2
What service provides the lowest-cost storage option for retaining database backups which also allows occasional data retrieval in minutes? 1) Amazon Glacier 2) Amazon S3 3) Amazon EBS 4) Amazon EFS
1) Amazon Glacier
Which of the following can you use to connect your on-premises data center and your cloud architecture in AWS? (Select TWO) 1) Amazon Route53 2) NAT Gateway 3) Egress-Only Internet Gateway 4) VPC Peering 5) Virtual Private Gateway
1) Amazon Route53 5) Virtual Private Gateway
Trusted Advisor Categories:
1) Cost optimization 2) Security 3) Fault Tolerance 4) Performance 5) Service Limits
Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses? 1) Dedicated Host 2) On-Demand Instance 3) Dedicated Instance 4) Reserved Instance
1) Dedicated Host
What are the things that you can implement to improve the security of your Identity and Access Management (IAM) users? (Select TWO) 1) Enable MFA 2) Block Incoming Traffic via Security Groups 3) Enable AWS Mobile Push Notification 4) Block incoming traffic via Network ACL 5) Configure a strong password policy for your users.
1) Enable MFA 5) Configure a strong password policy for your users.
What are all the categories of Trusted Advisor?
1) Service Limits 2) Performance 3) Fault Tolerance 4) Security 5) Cost Optimization
What are the six advantages of cloud computing?
1) Trade capital expense for variable expense 2) Benefit from massive economies of scale 3) Stop guessing capacity 4) Increased speed and agility 5) Stop spending money on running and maintaining data centers 6) Go global in minutes
Which of the following characteristics correctly describes the Amazon Simple Storage Service? (Select TWO) 1) An object storage service 2) A highly durable storage infrastructure 3) A hybrid cloud storage service 4) A high-performance block storage service 5) A durable high throughput file system
1) An object storage service 2) A highly durable storage infrastructure
What should you provide to your developers to allow them to access your AWS services through the AWS CLI? 1) SSH Keys 2) Access Keys 3) IAM Username and passwords 4) API Keys
2) Access Keys. IAM username and password are for the console. API keys are for API Gateway, and SSH keys are used to connect to and control EC2 over an SSH connection.
In AWS Trusted Advisor, which of the following options are included among the five categories being considered to analyze your AWS environment and provide the best practice recommendations? (Select TWO) 1) Storage Capacity 2) Fault Tolerance 3) Infrastructure 4) Instance Usage 5) Performance
2) Fault Tolerance, 5) Performance
Which of the following is true regarding Amazon Relational Database Service (Amazon RDS)? (Select TWO) 1) Automatically scales the relational database based on the incoming workload 2) Makes it easy to set up, operate and scale a relational database 3) Simplifies the management of time-consuming database administration tasks 4) Provides 99.99999999999% reliability and durability 5) It is a managed related database service
2) Makes it easy to set up, operate and scale a relational database 3) Simplifies the management of time-consuming database administration tasks
Which of the following are the things that Amazon CloudWatch Logs can accomplish? (Select TWO) 1) Store your log data at absolutely no charge 2) Monitor Application Logs from Amazon EC2 instances 3) Adjust the retention policy for each log group 4) Record AWS management console actions and API calls 5) Create alarms that automatically stop, terminate, reboot and recover your EC2 instances
2) Monitor Application Logs from Amazon EC2 instances 3) Adjust the retention policy for each log group
In the VPC dashboard of your AWS Management Console, which of the following services or features below can you manage? (Select TWO) 1) CloudFront 2) Network ACLs 3) Route 53 4) Security Groups 5) Lambda
2) Network ACLs 4) Security Groups. All other services have their own dashboards.
Which of the following below are the benefits of using Consolidated billing in AWS? (Select TWO) 1) Consolidate together the billing and payment of both AWS accounts and AISPL accounts 2) Share the volume pricing and reserved instance discounts by combining the usage across all accounts in the organization 3) Allows one member account to pay the charges of all the master accounts 4) You get one bill for multiple accounts 5) Consolidates all the bills from multiple AWS accounts for only $1 every month
2) Share the volume pricing and reserved instance discounts by combining the usage across all accounts in the organization 4) You get one bill for multiple accounts
What kind of support is offered regardless of support plan?
24/7 access to customer service, documentation, whitepapers, support forums
Which of the following Cost Management Tools allows you to track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that was charged to your resources? 1) AWS Systems Manager 2) AWS Cost and Usage Report 3) AWS Cost Explorer 4) AWS Budgets
3) AWS Cost and Usage Report
Which of the following are regarded as regional services in AWS? (Select TWO) 1) AWS Security Token Service 2) Amazon EC2 3) Amazon EFS 4) Amazon Route53 5) AWS Batch
3) Amazon EFS 5) AWS Batch
In the Shared Responsibility Model, which of the following options below is a shared control between AWS and the customer? 1) Client-side data encryption 2) Physical and environmental controls of the AWS data centers 3) Awareness and Training 4) Server-side data encryption
3) Awareness and Training
Which of the following is the most cost-effective AWS Support Plan to use if you need access to AWS Support API for programmatic case management? 1) Enterprise 2) Basic 3) Business 4) Developer
3) Business
A company is designing a new cloud architecture for its mission-critical application in AWS which must be highly-available. Which of the following is the recommended pattern to meet this requirement? 1) Deploy an Amazon EC2 spot fleet with a diversified allocation strategy 2) Adopt a monolithic application architecture 3) Use Multiple Availability Zones to ensure that the application can handle the failure of any single component 4) Make sure each component of the application has high bandwidth and low-latency network connectivity using ENIs
3) Use Multiple Availability Zones to ensure that the application can handle the failure of any single component
Which service provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services? 1) Amazon CloudWatch 2) AWS Infrastructure Event Management 3) AWS Config 4) AWS CloudTrail
4) AWS CloudTrail - enables governance, compliance, operational auditing, and risk auditing
Which service should you use if there is a need to launch a customized self-hosted database which requires a scheduled shutdown every night to save on cost? 1) Amazon DynamoDB 2) Amazon RedShift 3) Amazon EC2 instance with an Instance Store Volume 4) Amazon EC2 instance with an EBS volume
4) Amazon EC2 instance with an EBS volume. Amazon EBS provides durable block-level storage volumes that you attach to a running instance, so it is recommended for running a DB.
Which of the following cloud architecture principles below is followed if you distribute your workloads across multiple Availability Zones in AWS as well as using Amazon RDS Multi-AZ? 1) Implement Elasticity 2) Decouple your components 3) Think Parallel 4) Design for Failure
4) Design for Failure
Which of the following IAM identities is associated with the access keys that are used in managing your cloud resources via the AWS Command Line Interface (AWS CLI)? 1) IAM Policy 2) IAM Role 3) IAM Group 4) IAM User
4) IAM User - the user uses access keys
Which of the following is a key design principle when running an application in AWS? 1) Semantic Coupling 2) Tight Coupling 3) Logical Coupling 4) Loose Coupling
4) Loose Coupling
What is AWS Certificate Manager?
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. This service does not store certifications or compliance-related documents.
Name the service that is used to monitor, store and access your log files from Amazon Elastic Compute Cloud (EC2), CloudTrail, and Route 53.
AWS CloudWatch Logs
What is AWS Inspector?
AWS Inspector is just an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
A hybrid cloud storage service
AWS Storage Gateway
Why not Amazon DocumentDB?
Amazon DocumentDB is incorrect because this is a fully-managed document database service that supports MongoDB workloads. Just like Amazon Aurora, you don't need to handle or manage the guest operating system of this service since it is already managed by AWS.
Why not Amazon DynamoDB?
Amazon DynamoDB is incorrect because just like the other two options above, this is also a fully-managed database service which means that you won't be able to manage the underlying guest operating system or apply the required updates and security patches.
Why not Amazon EC2 instance with an Instance Store volume?
Amazon EC2 instance with an Instance Store volume is incorrect because if you use this for your self-hosted database, all of your data will be lost after you shut down the instance. You have to use an EBS Volume instead in order to persist the data for the scheduled nightly shutdown.
A high-performance block storage service
Amazon Elastic Block Store (EBS)
Redshift
Amazon Redshift is incorrect because this is a data warehousing service that is specifically designed for online analytic processing (OLAP) and business intelligence (BI) applications which require complex queries against large datasets.
A durable, high throughput file system, not for static content and cannot connect it directly to CloudFront
Amazon Elastic File System
Why not Amazon Aurora?
Aurora is a fully managed service that automates time-consuming administration tasks like hardware provisioning, database setup, patching and backups without any manual intervention.
Best Practices for IAM: Rotate Credentials Regularly
Change passwords and access keys very often. You can apply a password policy so that users also rotate their credentials.
What is the difference between Dedicated Hosts and Dedicated Instances?
Dedicated Host gives you additional visibility and control over how instances are placed on a physical server and you can consistently deploy your instances to the same physical server over time so that means you can use your existing server-bound software licenses.
Consolidated Billing TRUE or FALSE: Allows one member account to pay the charges of all the master accounts
False, one master pays for all members
True/False: AWS CloudTrail provides compliance-related reports
False. It is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
List all the global services:
IAM, Route53, CloudFront, WAF, AWS Security Token Service
What is the AWS Cloud Adoption Framework?
It was created by AWS Professional Services to help organizations design and quickly use cloud adoption. It helps you realize business benefits from cloud adoption faster with less risk.
What is loose coupling?
Loose coupling is a desirable quality of software, which allows one part of the software to be modified without affecting other parts of the software. For example, in loosely coupled software, a change in UI layout should not affect the back-end class structure.
Service and Communications Protection or Zone security - shared or not?
Not shared - responsibility of the customer. Route or zone data within specific security environments.
What is AWS Cost Explorer?
RI Utilization and Coverage report - doesn't show the discounted RI rate that was charged to your resources
What is the core benefit of the cost and usage report?
Reserved Instance Data made available to you
Which service: Provides 99.99999999999% reliability and durability
S3
Configuration Management - shared or not?
Shared - AWS maintains config of its devices and a customer is responsible for config of own guest OS, databases and applications
Patch Management - shared or not?
Shared - AWS is responsible for patching within the infrastructure but customers are responsible for patching their guest OS and applications.
Awareness and Training - shared or not?
Shared - AWS trains its employees and customers need to train theirs
What is Concierge support?
Team composed of AWS billing and accounting experts for enterprise accounts. They help with billing inquiries and work with you to implement billing and account best practices.
Why is Block incoming traffic via network ACL and block incoming traffic via Security groups wrong?
These are related to VPC networking
Why is "record AWS Management Console actions and API calls" wrong?
This refers to CloudTrail, not CloudWatch
What is AWS enterprise support?
Technical support 24x7 from engineers to manage the health of your environment, and a TAM to coordinate access to proactive or preventative programs.
What is IAM?
a web service that helps you securely control access to AWS resources
What is the AWS support API?
access to features of the AWS Support Center to create, manage and close support cases and manage your Trusted Advisor.
Where can you set a password policy?
account settings page in IAM
What is the Cost and Usage report?
all data about AWS costs and usage. cost information can be loaded into Athena, Redshift, QuickSight
Logical Coupling and Semantic Coupling
are related to Object Oriented Programming and not AWS
What is AWS Artifact?
central resource for compliance-related information.
AWS CloudWatch: Monitor AWS CloudTrail Logged Events
create alarms for specific API activity from CloudTrail, and use the info for troubleshooting
What can cost and usage information be used for?
dive deep into your AWS cost and usage data, understand how you are using your AWS implementation, and help optimize
What is NAT Gateway?
enables EC2 instances in a private subnet to connect to the internet or AWS services
True or False: AWS and AISPL accounts can be consolidated together
false
True or False: the Basic and Developer Support Plans have access to the AWS support API
false, only Enterprise and Business
What is an Egress-Only Internet Gateway?
for IPv6 traffic only; a horizontally scaled, redundant, highly available VPC component for outbound communication over IPv6
What is AWS CodePipeline?
fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
What is CloudWatch used for?
get all logs from all of your systems, applications, and AWS services that you use in a single highly scalable service. You can search for specific error codes or patterns, filter on specific fields, and archive them for the future. All logs are ordered by time, and you can query them and sort them based on other dimensions, group by fields, create custom computations with a powerful query language, and visualize log data in dashboards.
What happens when a linked account leaves an organization?
linked account cannot access cost explorer data of when the account was part of the organization. data is not deleted and the payer account in the org. can still access the data.
AWS CloudWatch: Log Retention
logs kept indefinitely and do not expire but you can adjust the retention policy for each log group.
AWS CloudWatch: Log Route 53 DNS queries
logs to log info about the DNS and Route 53 services
What is VPC Peering?
network connection between two VPCs, not between your VPC and on-premises data center
Is Amazon EC2 global?
nope, it is zonal
Benefits of consolidated billing
one bill for multiple accounts; easy tracking of all charges across multiple accounts and download of the combined cost and usage data; combined usage - combine usage across all accounts in the org. to share volume pricing discounts and reserved instance discounts; no extra fee
What is AWS Technical Account Manager?
point of contact who provides guidance to help build and plan solutions for best practices, and keep AWS environment healthy
Best Practices for IAM: Configure a strong password policy for your users
require they change their passwords often and create strong passwords.
What is AWS Professional Services?
resources and offers to achieve specific goals for enterprise cloud adoption. The resources provide information on best practices and a set of activities helpful to complete projects faster and more reliably
Examples of responsibilities of the customer
server-side data encryption, client-side data encryption
What is AWS budgets?
set custom budgets that alert you when your costs or usage exceed your budgeted amount
What is Amazon Batch?
simplifies running batch jobs across multiple Availability Zones.
AWS Infrastructure Event Management
structured program available to Enterprise Support Customers that helps plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events.
Tight Coupling
subunits within an organization that are closely connected and highly interdependent
WRONG: Make sure that each component of the application has high bandwidth and low-latency network connectivity using ENI
that is not enough to make your architecture highly available.
Why is the "Store your log data at absolutely no charge" wrong?
the service is not entirely free, you still have to pay for usage.
Why is Enable AWS Mobile Push Notification wrong?
this is a feature of SNS
Why is "create alarms that automatically stop, terminate, reboot or recover your EC2 instances" incorrect?
this is a task that can be done by CloudWatch alarms
RESTful APIs are a way to reduce interdependencies in a system
true
Amazon EBS
type of block storage
What is AWS Systems Manager?
unified user interface so you can view operational data from multiple AWS services and automate operational tasks across your AWS resources
AWS CloudWatch: Archive Log Data
use CloudWatch Logs to store your data in highly durable storage. You can send both rotated and non-rotated log data off of a host and into the log service. You can then access it whenever you need it.
What support do just Business or Enterprise support plans have access to?
use-case guidance, AWS Trusted Advisor, an API for interacting with Support Center and Trusted Advisor, third-party software support for EC2 instance operating systems.
Best Practices for IAM: Enable MFA
users have a device that generates a code. They need that code along with the credentials to complete the sign-in. Even if someone gets a hold of a user's access keys or password, they still won't be able to log in because of MFA.
AWS CloudWatch: Monitor Logs from Amazon EC2 Instances
using the logs, you can monitor applications and systems. You can track the number of errors that occur in logs and send a notification when the amount of errors exceeds a threshold. No code changes are required since CloudWatch uses your data for monitoring. Log data is encrypted while in transit and at rest.
Why use IAM?
you get to control who is authenticated and authorized to use resources