Quiz review

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

AWS Fargate

+a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters.

cAs part of a flexible pricing model, AWS offers two types of Savings Plans. Which of the following are the Savings Plans from AWS?

Compute Savings Plans, EC2 Instance Savings Plans

A company wants to identify the optimal AWS resource configuration for its workloads so that the company can reduce costs and increase workload performance. Which of the following services can be used to meet this requirement?

Compute optimaizer

Which of the following is correct about AWS "Developer" Support plan?

One Contact to open unlimtited cases

Which AWS support plan provides access to a designated Technical Account Manager (TAM)?

Enterprise

Which of the following AWS Support plans provides access to online training with self-paced labs?

Enterprise

Which of the following AWS Support plans provide access to guidance, configuration, and troubleshooting of AWS interoperability with third-party software? (Select two)

Enterprise and Buisness

Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?

The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations

Which of the following are the best practices when using AWS Organizations? (Select TWO)

1Create accounts per department Restrict account privileges using Service Control Policies (SCP)

Which of the following statements are correct regarding the AWS Support Plans? (Select two)

A designated Technical Account Manager is available only for Enterprise support plans Both Basic and Developer Support plans have access to 7 core Trusted Advisor checks

U2F security key

A device that you plug into a USB port on your computer.

aws landing zone

A solution that helps customers more quickly set up a secure, multi-account AWS environment based on AWS best practices

A multi-national corporation wants to get expert professional advice on migrating to AWS and managing their applications on AWS Cloud. Which of the following entities would you recommend for this engagement?

APN Consulting PArtner

Which policy describes prohibited uses of the web services offered by Amazon Web Services?

AWS Acceptable Use Policy

Which of the following AWS services can be used to forecast your AWS account usage and costs?

AWS Cost Explorer

Load data for analytics

AWS Glue

Which of the following AWS services is essential for implementing security of resources in AWS Cloud?

AWS Identity and Access Management

A company runs an application on a fleet of EC2 instances. The company wants to automate the traditional maintenance job of running timely assessments and checking for OS vulnerabilities. As a Cloud Practitioner, which service will you suggest for this use case?

AWS Inspector

A silicon valley based healthcare startup stores anonymized patient health data on Amazon S3. The CTO further wants to ensure that any sensitive data on S3 is discovered and identified to prevent any sensitive data leaks. As a Cloud Practitioner, which AWS service would you recommend addressing this use-case?

AWS Macie

Which service gives a personalized view of the status of the AWS services that are part of your Cloud architecture so that you can quickly assess the impact on your business when AWS service(s) are experiencing issues?

AWS Personal Health Dashboard

A start-up would like to quickly deploy a popular technology on AWS. As a Cloud Practitioner, which AWS tool would you use for this task?

AWS Quick Starts references

Which AWS service can be used to subscribe to an RSS feed to be notified of the status of all AWS service interruptions?

AWS Service Health Dashboard

Which tool/service will help you access AWS services using programming language-specific APIs?

AWS Software Deveeloper Kit

A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?

AWS Systems Manager

A company's flagship application runs on a fleet of Amazon EC2 instances. As per the new policies, the system administrators are looking for the best way to provide secure shell access to AWS EC2 instances without opening new ports or using public IP addresses. Which tool/service will help you achieve this requirement?

AWS Systems Manager Session Manager

An IT company is on a cost-optimization spree and wants to identify all EC2 instances that are under-utilized. Which AWS services can be used off-the-shelf to address this use-case without needing any manual configurations? (Select two)

AWS Trusted Advisor AWS Cost Explorer

The DevOps team at an e-commerce company is trying to debug performance issues for its serverless application built using a microservices architecture. As a Cloud Practitioner, which AWS service would you recommend addressing this use-case?

AWS X-Ray

Which of the following statements are true about AWS Shared Responsibility Model? (Select two)

AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications AWS trains AWS employees, but a customer must train their own employees

Which of the following AWS Support plans is the MOST cost-effective when getting enhanced technical support by Cloud Support Engineers?

AWS recommends Business Support if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. It is also the cheapeast support plan to provide enhanced technical support by Cloud Support Engineers.

A Cloud Practitioner would like to deploy identical resources across all regions and accounts using templates while estimating costs. Which AWS service can assist with this task?

AWS,Cloudformation

A company is looking for ways to make its desktop applications available to the employees from browsers on their devices/laptops. Which AWS service will help achieve this requirement without having to procure servers or maintain infrastructure?

Amazon AppStream 2.0 - Amazon AppStream 2.0 is a fully managed non-persistent application and desktop streaming service. You centrally manage your desktop applications on AppStream 2.0 and securely deliver them to any computer. You can easily scale to any number of users across the globe without acquiring, provisioning, and operating hardware or infrastructure. AppStream 2.0 is built on AWS, so you benefit from a data center and network architecture designed for the most security-sensitive organizations. Each end-user has a fluid and responsive experience because your applications run on virtual machines optimized for specific use cases and each streaming session automatically adjusts to network conditions. Users can access the desktop applications they need at any time. AppStream 2.0 streams your applications from AWS to any computer, including Chromebooks, Macs, and PCs. AppStream 2.0 connects to your Active Directory, network, cloud storage, and file shares. Users access applications using their existing credentials and your existing security policies manage access. Extensive APIs integrate AppStream 2.0 with your IT solutions.

AWS Web Application Firewall (AWS WAF) can be deployed on which of the following services?

Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync

The development team at a company manages 300 microservices and it is now trying to automate the code reviews to improve the code quality. Which tool/service is the right fit for this requirement?

Amazon CodeGuru - Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identify an application's most expensive lines of code. Integrate CodeGuru into your existing software development workflow to automate code reviews during application development, continuously monitor application performance in production, provide recommendations and visual clues for improving code quality and application performance, and reduce overall cost.

A company is looking at a service/tool to automate and minimize the time spent on keeping the server images up-to-date. These server images are used by EC2 instances as well as the on-premises systems. Which AWS service will help achieve the company's need?

Amazon EC2 Image Builder - EC2 Image Builder simplifies the building, testing, and deployment of Virtual Machine and container images for use on AWS or on-premises. Keeping Virtual Machine and container images up-to-date can be time-consuming, resource-intensive, and error-prone. Currently, customers either manually update and snapshot VMs or have teams that build automation scripts to maintain images. Image Builder significantly reduces the effort of keeping images up-to-date and secure by providing a simple graphical interface, built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image nor do you have to build your own automation pipeline.

Where can you buy EC2 reserved instances?

Amazon EC2 console

A startup runs its proprietary application on docker containers. As a Cloud Practitioner, which AWS service would you recommend so that the startup can run containers and still have access to the underlying servers?

Amazon Elastic Container Service (Amazon ECS)

Which AWS service should be used when you want to run container applications, but want to avoid the operational overhead of scaling, patching, securing, and managing servers?

Amazon Elastic Container Service - Fargate launch type

A company wants a fully managed, flexible, and scalable file storage system, with low latency access, for its Windows-based applications. Which AWS service is the right choice for the company?

Amazon FSx for Windows File Server

A company is looking at real-time processing of streaming big data for their ad-tech platform. Which of the following AWS services is the right choice for this requirement

Amazon Kinesis data stream - Amazon Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. You can continuously add various types of data such as clickstreams, application logs, and social media to an Amazon Kinesis data stream from hundreds of thousands of sources. Within seconds, the data will be available for your Amazon Kinesis Applications to read and process from the stream. Amazon Kinesis Data Streams is useful to rapidly move the data off data producers and then continuously process the data, be it to transform the data before emitting it to a data store, run real-time metrics and analytics, or derive more complex data streams for further processing. The following are typical scenarios for using Amazon Kinesis Data Streams: accelerated log and data feed intake, real-time metrics and reporting, real-time data analytics, complex stream processing.

A company is using a message broker service on its on-premises application and wants to move this messaging functionality to AWS Cloud. Which of the following AWS services is the right choice to move the existing functionality easily?

Amazon MQ

A media company uses Amazon Simple Storage Service (Amazon S3) for storing all its data. Which storage class should it consider for cost-optimal storage of the data that has random access patterns?

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) - Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) is the only cloud storage class that delivers automatic cost savings by moving objects between four access tiers when access patterns change. The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without operational overhead. It works by storing objects in four access tiers: two low latency access tiers optimized for frequent and infrequent access, and two optional archive access tiers designed for asynchronous access that are optimized for rare access.

Which AWS service can be used to send, store, and receive messages between software components at any volume to decouple application tiers?

Amazon SQS Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

interface endpoint

An elastic network interface with a private IP address that serves as an entry point for traffic destined for a variety of AWS services.

According to the Well-Architected Framework, which of the following statements are recommendations in the Operational Excellence pillar? (Select two)

Anticipate failure Make frequent, small, reversible changes

Which of the following is best-suited for load-balancing HTTP and HTTPS traffic?

Application Load Balancer

A data analytics company has some data stored on Amazon S3 and wants to do SQL based analysis on this data with minimum effort. As a Cloud Practitioner, which of the following AWS services will you suggest for this use case?

Athena

aws control tower

Automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment.

Which of the following AWS Support plans provide access to only 7 core checks from the AWS Trusted Advisor Best Practice Checks? (Select two)

Basic, developer

A developer has written a simple web application in PHP and he wants to just upload his code to AWS Cloud and have AWS handle the deployment automatically but still wants access to the underlying operating system for further enhancements. As a Cloud Practioner, which of the following AWS services would you recommend for this use-case?

Beanstalk

Bob and Susan each have an AWS account in AWS Organizations. Susan has five Reserved Instances (RIs) of the same type and Bob has none. During one particular hour, Susan uses three instances and Bob uses six for a total of nine instances on the organization's consolidated bill. Which of the following statements are correct about consolidated billing in AWS Organizations? (Select two)

Bob receives the cost-benefit from Susan's Reserved Instances only if he launches his instances in the same Availability Zone where Susan purchased her Reserved Instances AWS bills five instances as Reserved Instances, and the remaining four instances as regular instances

An e-commerce company would like to receive alerts when the Reserved EC2 Instances utilization drops below a certain threshold. Which AWS service can be used to address this use-case?

Budgetq

A startup is looking for 24x7 phone based technical support for his AWS account. Which of the following is the MOST cost-effective AWS support plan for this use-case?

Buisness

Which AWS Support plan provides architectural guidance contextual to your specific use-cases?

Buisness

Which of the following AWS Support plans provides access to Infrastructure Event Management for an additional fee?

Business -

Which AWS tool/service will help you define your cloud infrastructure using popular programming languages such as Python and JavaScript?

Cloud Development Kit CDK

n IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two)

Cloud Watch Lambda

Due to regulatory and compliance reasons, an organization is supposed to use a hardware device for any data encryption operations in the cloud. Which AWS service can be used to meet this compliance requirement?

CloudHSM

What AWS services has encryption enabled by default?

CloudTrail Logs

Which AWS service will you use to provision the same AWS infrastructure across multiple AWS accounts and regions?

Cloudformation

A company has a static website hosted on an S3 bucket in an AWS Region in Asia. Although most of its users are in Asia, now it wants to drive growth globally. How can it improve the global performance of its static website?

Cloudfront

Which of the following AWS services are global in scope? (Select two) Amazon CloudFront (Correct) Amazon S3 (Incorrect) Amazon Relational Database Service (Amazon RDS) Amazon Elastic Compute Cloud (Amazon EC2) AWS Identity and Access Management (IAM) (Correct)

Cloudfront IAM

A Security Group has been changed in an AWS account and the manager of the account has asked you to find out the details of the user who changed it. As a Cloud Practitioner, which AWS service will you use to fetch the necessary information?

Cloudtrail

Difference in cloudtrail and cloudwatch?

Cloudtrail deals more with users

According to the Shared Responsibility Model, which of the following is both the responsibility of AWS and the customer? (Select two)

Configuration management Shared Controls - Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. Operating system (OS) configuration The customers are responsible for "Security IN the cloud". It includes customer data, as well as the guest operating system configuration. OS configuration as a whole is a shared responsibility, but be careful: the host OS configuration is the responsibility of AWS, and the guest OS configuration is the responsibility of the customer. Exam Alert:

VPC Peering

Connecting VPCs to each other

A cyber forensics team has detected that AWS owned IP-addresses are being used to carry out malicious attacks. As this constitutes prohibited use of AWS services, which of the following is the correct solution to address this issue?

Contact abuse team

What are the four differnt budget types?

Cost, Usage, Reservation and savings

A company would like to separate cost for AWS services by the department for cost allocation. Which of the following is the simplest way to achieve this task?

Create tags for each department

CRR

Cross regions replicatation

A company wants to have control over creating and using its own keys for encryption on AWS services. Which of the following can be used for this use-case?

Customer Managed CMK

Amazon Route 53 can relate to what?

DNS

Which of the following types are free under the Amazon S3 pricing model? (Select two)

Data transferred in from the internet Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket

According to the AWS Shared Responsibility Model, which of the following are responsibilities of the customer for Amazon RDS

Database Encryption

Using x-ray think what?

Debug

The DevOps team at a Big Data consultancy has set up EC2 instances across two AWS Regions for its flagship application. Which of the following characterizes this application architecture?

Deploying the application across two AWS Regions improves availability - Highly available systems are those that can withstand some measure of degradation while remaining available. Each AWS Region is fully isolated and comprised of multiple Availability Zones (AZ's), which are fully isolated partitions of AWS infrastructure. To better isolate any issues and achieve high availability, you can partition applications across multiple AZ's in the same AWS Region or even across multiple AWS Regions.

Which of the following AWS services can be used to connect a company's on-premises environment to a VPC without using the public internet?

Direct Connect

Which of the following solutions can you use to connect your on-premises network with AWS Cloud (Select two).

Direct connect, and vpn

Which of the following services are provided by Amazon Route 53? (Select TWO)

Domain registration Health checks and monitoring

Which AWS service would you choose for a data processing project that needs a schemaless database?

DynamoDb

Which of the following AWS services support reservations to optimize costs? (Select three)

EC2 Dynamo Elasticahce RDS Redshift

Which of the following statements is correct regarding the AWS Elastic File System (EFS) storage service?

EC2 instances can access files on an EFS file system across many Availability Zones, Regions and VPCs

Advanced shielf protection is used on whwat resources

ECC ELB Cloudfront route 53 global accelerator

A data analytics company is running a proprietary batch analytics application on AWS and wants to use a storage service which would be accessed by hundreds of EC2 instances simultaneously to append data to existing files. As a Cloud Practitioner, which AWS service would you suggest for this use-case?

EFS

A fleet of Amazon EC2 instances spread across different Availability Zones needs to access, edit and share file-based data stored centrally on a system. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

EFS

Which of the following AWS storage services can be directly used with on-premises systems?

EFS

Which AWS services support High Availability by default? (Select two) Instance Store

EFS dynamo Db

Hadoop think what?

EMR

Which AWS service can be used to provision resources to run big data workloads on Hadoop clusters?

EMR

Which of the following are correct statements regarding the AWS Global Infrastructure? (Select two)

Each AWS Region consists of a minimum of three Availability Zones Each Availability Zone (AZ) consists of one or more discrete data centers

As per the AWS shared responsibility model, which of the following is a responsibility of AWS from a security and compliance point of view?

Edge location management

AWS Identity and Access Management (IAM) policies are written as JSON documents. Which of the following are mandatory elements of an IAM policy?

Effect action

Which AWS service can be used as an in-memory database with high-performance and low latency?

ElastiCache

What are the advantages that AWS Cloud offers over a traditional on-premises IT infrastructure? (Select two)

Eliminate guessing and capitol for variable

What is the primary benefit of deploying an RDS database in a Multi-AZ configuration?

Enhances availability

Which AWS Support plan guarantees a case response time of 15 minutes when Business Critical systems are down?

Enterprise

Difference in ECS and Fargate? (Dealing with container)

Fargate works with ECS to make it easier on building applications but you dont have access to underlying servers

According to the Shared Responsibility Model, which of the following is a responsibility of the customer?

Firewall and networking configuration in EC2

Which of the following statements are true about Cost Allocation Tags in AWS Billing? (Select two)

For each resource, each tag key must be unique, and each tag key can have only one value You must activate both AWS generated tags and user-defined tags separately before they can appear in Cost Explorer or on a cost allocation report

AWS Cloudformation

Gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

Which of the following statements are CORRECT regarding AWS Global Accelerator? (Select two)

Global Accelerator is a good fit for non-HTTP use cases Global Accelerator provides static IP addresses that act as a fixed entry point to your application

Which AWS serverless service allows you to prepare data for analytics?

Glue

Which AWS service protects your AWS account by monitoring malicious activity and detecting threats?

Guard Duty

Which of the following IAM Security Tools allows you to review permissions granted to a user?

IAM Access advisor

Which of the following AWS services are always free to use (Select two)?

IAM and Auto Scaling

Access Key ID and Secret Access Key are tied to which of the following AWS Identity and Access Management entities?

IAM user

Which type of Cloud Computing does Amazon Elastic Compute Cloud (EC2) represent?

Infrastructure as a service

Difference in inspector and guard duty?

Inspector does automated securty assessments while guard duty monitors malicious activity

Which AWS service allows you to connect any number of IoT devices to the cloud without requiring you to provision or manage servers?

IoT Core

Which of the following statements is the MOST accurate when describing AWS Elastic Beanstalk?

It is a Platform as a Service (PaaS) which allows you to deploy and scale web applications and services

A startup wants to migrate its data and applications from the on-premises data center to AWS Cloud. Which of the following options can be used by the startup to help with this migration? (Select two)

Leverage AWS Professional Services to accelerate the infrastructure migration Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration

An e-commerce company would like to build a chatbot for its customer service using Natural Language Understand (NLU). As a Cloud Practitioner, which AWS service would you use?

Lex

An engineering team is new to the AWS Cloud and it would like to launch a dev/test environment with low monthly pricing. Which AWS service can address this use-case?

Lighsail

Which of the following is the best practice for application architecture on AWS Cloud?

Loosly Coupled componenets

Message brokers think what?

MQ

Main purpose for read replicas

Main purpose is scalability

Which S3 storage class offers the lowest availability?

One Zone IA

Which of the following describes an Availability Zone in the AWS Cloud?

One or more data centers in the same location

AWS Support offers four support plans for its customers. Identify the features that are covered as part of the AWS Basic Support Plan? (Select two)

One-on-one responses to account and billing questions Service health checks

A developer would like to automate operations on his on-premises environment using Chef and Puppet. Which AWS service can help with this task?

OpsWorks

ASG cale which direction?

Out and in

A manufacturing company is looking at a service that can offer AWS infrastructure, AWS services, APIs, and tools to its on-premises data center for running low latency applications. Which of the following service/tool is the best fit for the given requirement?

Outposts

A brand new startup would like to remove its need to manage the underlying infrastructure and focus on the deployment and management of its applications. Which type of Cloud Computing does this refer to?

PaaS

Which of the following billing timeframes is applied when running a Windows EC2 on-demand instance?

Pay per Second

Which pillar of AWS Well-Architected Framework focuses on using IT and computing resources efficiently, while considering the right resource types and sizes based on workload requirements?

Performance Efficiency Pillar - The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve. Performance Efficiency uses the following design principles to help achieve and maintain efficient workloads in the cloud: Democratize advanced technologies, Go global in minutes, Use serverless architectures, Experiment more often and Consider mechanical

Which pillar of AWS Well-Architected Framework is responsible for making sure that you select the right resource types and sizes based on your workload requirements?

Performance effficency

A startup wants to set up its IT infrastructure on AWS Cloud. The CTO would like to get an estimate of the monthly AWS bill based on the AWS services that the startup wants to use. As a Cloud Practitioner, which AWS service would you suggest for this use-case?

Pricing Calculator

Which of the following entities applies patches to the underlying OS for AWS Aurora?

Prodcut service teams

Which of the following criteria are used to charge for Elastic Block Store (EBS) volumes? (Select TWO)

Provisioned IOPS Volume Type

Reserved Instance pricing is available for which of the following AWS services? (Select two)

RDS and EC2

What is the primary benefit of deploying an RDS database in a Read Replica configuration?

Read Replica improves database scalability

Which of the following is a part of the AWS Global Infrastructure?

Region

An organization would like to copy data across different Availability Zones (AZs) using EBS snapshots. Where are EBS snapshots stored in the AWS Cloud?Amazon S3

S3

A company would like to audit requests made to an S3 bucket. As a Cloud Practitioner, which S3 feature would you recommend addressing this use-case?

S3 Access Logs

Which of the following AWS services support VPC Endpoint Gateway for a private connection from a VPC? (Select two)

S3 and DynamoDb

Difference in S3 and EFS?

S3 does not allow appending

Which of the following statements are true regarding Amazon Simple Storage Service (S3) (Select two)?

S3 is a key value based object storage service S3 stores data in a flat non-hierarchical structure

When thinking athena of aurora think what?

SQL

Which AWS services can be used to decouple components of a microservices based application on AWS Cloud? (Select two)

SQS and SNS

A data science team would like to build Machine Learning models for its projects. Which AWS service can it use?

Sagemaker

Red shift requires a well defined what?

Schema

Which of the following will help you control the incoming traffic to an Amazon EC2 instance?

Security Group - A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don't specify a security group, Amazon EC2 uses the default security group. You can add rules to each security group that allows traffic to or from its associated instances. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance. Security is a shared responsibility between AWS and you. AWS provides security groups as one of the tools for securing your instances, and you need to configure them to meet your security needs. If you have requirements that aren't fully met by security groups, you can maintain your own firewall on any of your instances in addition to using security groups.

Macie is what?

Sensitive

An e-commerce company uses AWS Cloud and would like to receive separate invoices for development and production environments. As a Cloud Practioner, which of the following solutions would you recommend for this use-case?

Seperate accounts

A company would like to move its infrastructure to AWS Cloud. Which of the following should be included in the Total Cost of Ownership (TCO) estimate? (Select TWO)

Server administration Power/Cooling

As per the Shared Responsibility Model, Security and Compliance is a shared responsibility between AWS and the customer. Which of the following security services falls under the purview of AWS under the Shared Responsibility Model?

Shield

Which AWS Service can be used to mitigate a Distributed Denial of Service (DDoS) attack?

Shield

Which of the following S3 storage classes do not charge any data retrieval fee? (Select two)

Standard and intelligent tiering

Which of the following is a benefit of using AWS managed services such as Amazon RDS?

The performance of aws managed RDS instance is better than a customer managed database instance

The DevOps team at an IT company is moving 500 GB of data from an EC2 instance to an S3 bucket in the same region. Which of the following scenario captures the correct charges for this data transfer?

There is no charge

What unique about a multi-master cluster?

They all have read/write capabilities, but must be in the same region

Which AWS service can help you analyze your infrastructure to identify unattached or underutilized EBS volumes?

Trusted Adviro

Which of the following is the least effort way to encrypt data for AWS services only in your AWS account using AWS Key Management Service (KMS)?

Use AWS managed master keys that are automatically created in your account for each service - AWS managed CMKs are CMKs in your account that are created, managed, and used on your behalf by an AWS service that is integrated with AWS KMS. Some AWS services support only an AWS managed CMK. Others use an AWS owned CMK or offer you a choice of CMKs. AWS managed CMK can be used only for your AWS account. You can view the AWS managed CMKs in your account, view their key policies, and audit their use in AWS CloudTrail logs. However, you cannot manage these CMKs, rotate them, or change their key policies. And, you cannot use AWS managed CMKs in cryptographic operations directly; the service that creates them uses them on your behalf. AWS managed CMKs appear on the AWS managed keys page of the AWS Management Console for AWS KMS. You can also identify most AWS managed CMKs by their aliases, which have the format aws/service-name, such as aws/redshift. You do not pay a monthly fee for AWS managed CMKs. They can be subject to fees for use in excess of the free tier, but some AWS services cover these costs for you.

A photo sharing web application wants to store thumbnails of user-uploaded images on Amazon S3. The thumbnails are rarely used but need to be immediately accessible from the web application. The thumbnails can be regenerated easily if they are lost. Which is the most cost-effective way to store these thumbnails on S3?

Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails

Which of the following is a recommended way to provide programmatic access to AWS resources?

Use access Key ID and Secrets Access Key to access AWS resources programmatically

Weighted ROuting Policy

Use to route traffic to multiple resources in proportions that you specify.

AWS Macie

Using artificial intelligence, machine learning and natural language understanding it has the capability to read documents and sift through user data for sensitive information that can be exploited. An alert is triggered when such data is detected. Also integrates with Cloudtrail to detect unusual access patterns to user data and alerts the administrator. Major functions are to discover, classify and protect the user data.

Which AWS service would you use to create a logically isolated section of the AWS Cloud where you can launch AWS resources in your virtual network?

VPC

Which AWS service will you use to privately connect your VPC to Amazon S3?

VPC Endpoint

Which AWS entity enables you to privately connect your VPC to an Amazon SQS queue?

VPC Interface Endpoint

A financial services enterprise plans to enable Multi-Factor Authentication (MFA) for its employees. For ease of travel, they prefer not to use any physical devices to implement MFA. Which of the below options is best suited for this use case?

Virtual MFA device

Which of the following are components of an AWS Site-to-Site VPN? (Select two)

Virtual Private Gateway (or a Transit Gateway) and Customer Gateway are the components of a VPC.

AWS Organizations provides which of the following benefits? (Select two)

Volume discounts for Amazon EC2 and Amazon S3 aggregated across the member AWS accounts Share the reserved EC2 instances amongst the member AWS accounts

A social media company wants to protect its web application from common web exploits such as SQL injection and cross-site scripting. Which of the following AWS services can be used to address this use-case?

WAF

A cargo shipping company runs its server-fleet on Amazon EC2 instances. Some of these instances host the CRM (Customer Relationship Management) applications that need to be accessible 24*7. These applications are not mission-critical. In case of a disaster, these applications can be managed on a lesser number of instances for some time. Which disaster recovery strategy is well-suited as well as cost-effective for this requirement?

Warm strategy standby

AWS Trusted Advisor can provide alerts on which of the following common security misconfigurations? (Select two)?

When you allow public access to Amazon S3 buckets When you don't turn on user activity logging (AWS CloudTrail)

Which of the following statements are true about AWS Elastic Beanstalk? (Select two)

With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications There is no additional charge for Elastic Beanstalk. You pay only for the underlying AWS resources that your application consumes

Which of the following statements is INCORRECT about AWS Auto Scaling?

You can automatically deploy AWS Shield when a DDoS attack is detected

A customer is running a comparative study of pricing models of Amazon EFS and Amazon EBS that are used with the Amazon EC2 instances that host the application. Which of the following statements are correct regarding this use-case? (Select two)

You will pay a fee each time you read from or write data stored on the EFS - Infrequent Access storage class - The Infrequent Access storage class is cost-optimized for files accessed less frequently. Data stored on the Infrequent Access storage class costs less than Standard and you will pay a fee each time you read from or write to a file. Amazon EBS Snapshots are stored incrementally, which means you are billed only for the changed blocks stored - Amazon EBS Snapshots are a point in time copy of your block data. For the first snapshot of a volume, Amazon EBS saves a full copy of your data to Amazon S3. EBS Snapshots are stored incrementally, which means you are billed only for the changed blocks stored.

when thinking on online anayytical processing think what?

amazon redshift

AWS QuickStart

built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability.

AWS EFS Drives

cloud-based file storage service for applications and workloads that run in the Amazon Web Services public cloud. AWS automatically deploys and manages the infrastructure for Elastic File System (EFS), which is distributed across an unlimited number of servers to avoid performance bottlenecks.

Which of the following options can be used to access and manage all AWS services (Select three)?

concule, CLI and SDK

Main purpose for multi region

disaster recovery and local performance

Which of the following AWS Support plans provide programmatic access to AWS Support Center features to create, manage and close your support cases? (Select two)

enterprise business

Which of the following are the serverless computing services offered by AWS (Select two)

fargagee and lambda

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of the following resources? (Select two)

global accelerator and route 53

AWS Secrets Manager

helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

AWS Storage Gateway

is a hybrid storage service that enables your on-premises applications to seamlessly use storage in the AWS Cloud. You can use the service for backup and archiving, disaster recovery, cloud bursting, storage tiering, and migration.

AWS Cost and Usage Report

is a single location for accessing comprehensive information about your AWS costs and usage

APN Consulting Partners

professional services firms that help customers design, architect, build, migrate, and manage their workloads and applications on AWS

Which AWS service can be used for online analytical processing?

redshift

Which of the following AWS services are regional in scope? (Select two)

rekognition lambda

Which of the following AWS services can be used to prevent Distributed Denial-of-Service (DDoS) attack? (Select three)

sheild, waf, Amazon CloudFront with Route 53

AWS Whitepapers

technical content authored by AWS and the AWS community to expand your knowledge of the cloud.

A multi-national organization has separate VPCs for each of its business units on the AWS Cloud. The organization also wants to connect its on-premises data center with all VPCs for better organization-wide collaboration. Which AWS services can be combined to build the MOST efficient solution for this use-case? (Select two)

transit gateway and direct connect

DynamoDB Global Tables

- Managed cross-region replication of DynamoDB tables - Improves performance over region-specific tables when making requests near the region

EBS Volume

-durable, block-level storage device

Data encryption is automatically enabled for which of the following AWS services? (Select two)

1. AWS Storage Gateway 2. Amazon S3 Glacier

Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud?

1. Amazon VPS 2. AWS Trusted Advisor 3. AWS Service Quotas 4.

Trusted advisor provides real time guidance in what catergories?

1. Cost Optimization 2. Performance 3. Security 4. Fault Tolerance 5. Service Limits

AWS Compute Optimizer delivers recommendations for which of the following AWS resources? (Select two)

1. EBS Volumes, Lambdia Functions 2. EC2 insances and auto scaling groups

Which of the following options are the benefits of using AWS Elastic Load Balancing (ELB)? (Select TWO)

1. High availability 2. Fault Tolerance

Which of the following AWS services offer block-level storage? (Select two)

1. Instance Store 2. EBS (Elastic Block Store)

AWS marketplace facilitates which f the following use cases?

1. Sell software as a service solutions to customers 2. AWS customer can buy software that has been bundled into customized AMIs by the AWS Marketplace sellers

Main purpose for AZ deployments

1. availability

A cyber-security agency uses AWS Cloud and wants to carry out security assessments on their own AWS infrastructure without any prior approval from AWS. Which of the following describes/facilitates this practice?

1. penetration testing

What does a json document entail?>

1. version 2. statement a. Sid(Statement id) b. effect- allow or deny c. Principal - indicate account, role, user, etc./ that is allowed or denied access d. Action - e. resource - specify a list of resources the policy applies f. condition - specify the circumstances under which the policy grants permission.

When thinkiong of automated code review think what?

Code review

An intern at an IT company provisioned a Linux based On-demand EC2 instance with per-second billing but terminated it within 30 seconds as he wanted to provision another instance type. What is the duration for which the instance would be charged?

60 Seconds

A company wants to improve the resiliency of its flagship application so it wants to move from its traditional database system to a managed AWS database service to support active-active configuration in both the East and West US AWS regions. The active-active configuration with cross-region support is the prime criteria for any database solution that the company considers. Which AWS database service is the right fit for this requirement?

: Amazon DynamoDB with global tables

Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)

A Security Group can have allow rules only A NAT Gateway is managed by AWS

Which of the following statements is CORRECT regarding the scope of an Amazon Virtual Private Cloud (VPC)?

A VPC spans all Availability Zones (AZs) within a region

Which of the following statements are correct regarding Amazon API Gateway? (Select two)

API Gateway can call an AWS Lambda function to create the front door of a serverless application - Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud. API Gateway acts as a "front door" for applications to access data, business logic, or functionality from your backend services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, any web application, or real-time communication applications. API Gateway can be configured to send data directly to Amazon Kinesis Data Stream - Amazon API Gateway can execute AWS Lambda functions in your account, start AWS Step Functions state machines, or call HTTP endpoints hosted on AWS Elastic Beanstalk, Amazon EC2, and also non-AWS hosted HTTP based operations that are accessible via the public Internet.API Gateway also allows you to specify a mapping template to generate static content to be returned, helping you mock your APIs before the backend is ready. You can also integrate API Gateway with other AWS services directly - for example, you could expose an API method in API Gateway that sends data directly to Amazon Kinesis.

AWS Ckloudformation

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. You can use the AWS CloudFormation sample templates or create your own templates to describe your AWS resources, and any associated dependencies or runtime parameters, required to run your application. This provides a single source of truth for all your resources and helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting. CloudFormation templates allow you to estimate the cost of your resources.

A company has defined a baseline that mentions the number of AWS resources to be used for different stages of application testing. However, the company realized that employees are not adhering to the guidelines and provisioning additional resources via API calls, resulting in higher testing costs. Which AWS service will help the company raise alarms whenever the baseline resource numbers are crossed?

AWS CloudTrail Insights - AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events. Insights events are logged when CloudTrail detects unusual write management API activity in your account. If you have CloudTrail Insights enabled, and CloudTrail detects unusual activity, Insights events are delivered to the destination S3 bucket for your trail. You can also see the type of insight and the incident time period when you view Insights events on the CloudTrail console. Unlike other types of events captured in a CloudTrail trail, Insights events are logged only when CloudTrail detects changes in your account's API usage that differ significantly from the account's typical usage patterns. CloudTrail Insights can help you detect unusual API activity in your AWS account by raising Insights events. CloudTrail Insights measures your normal patterns of API call volume, also called the baseline, and generates Insights events when the volume is outside normal patterns. CloudTrail Insights continuously monitors CloudTrail write management events, and uses mathematical models to determine the normal levels of API and service event activity for an account. CloudTrail Insights identifies behavior that is outside normal patterns, generates Insights events, and delivers those events to a /CloudTrail-Insight folder in the chosen destination S3 bucket for your trail. You can also access and view Insights events in the AWS Management Console for CloudTrail.

Which of the following data sources are used by Amazon Detective to analyze events and identify potential security issues?

AWS CloudTrail logs, Amazon VPC Flow Logs and Amazon GuardDuty findings -

Which AWS service is used to store and commit code privately and also offer features for version control?

AWS CodeCommit - AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

Which of the following are correct statements regarding the AWS Shared Responsibility Model? (Select two)

AWS is responsible for Security "of" the Cloud For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system, and platforms" - For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.

A team manager needs data about the changes that have taken place for AWS resources in his account during the past two weeks. Which AWS service can help get this data?

AWS Config - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

AWS Cost Explorer

AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends. AWS Cost Explorer also supports forecasting to get a better idea of what your costs and usage may look like in the future so that you can plan.

Which of the following AWS services are offered free of cost? (Select two)

AWS Elastic Beanstalk - There is no additional charge for AWS Elastic Beanstalk. You pay for AWS resources (e.g. EC2 instances or S3 buckets) you create to store and run your application. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments. AWS Auto Scaling - There is no additional charge for AWS Auto Scaling. You pay only for the AWS resources needed to run your applications and Amazon CloudWatch monitoring

Which of the following is a container service of AWS?

AWS Fargate

A financial consulting company is looking for automated reference deployments, that will speed up the process of deploying its financial solutions on AWS Cloud. The reference deployment should be able to deploy most of the well-known functions of financial services and leave space for customizations, if necessary. Which AWS service will help achieve this requirement?

AWS Quick Starts - AWS Quick Starts are automated reference deployments for key workloads on the AWS Cloud. Each Quick Start launches, configures and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability. Quick Starts are accelerators that condense hundreds of manual procedures into just a few steps. They are fast, low-cost, and customizable. They are fully functional and designed for production. Quick Starts include: 1. A reference architecture for the deployment 2. AWS CloudFormation templates (JSON or YAML scripts) that automate and configure the deployment 3. A deployment guide, which explains the architecture and implementation in detail, and provides instructions for customizing the deployment. Quick Starts also include integrations that extend the cloud-based contact center functionality provided by Amazon Connect with key services and solutions from APN Partners—for customer relationship management (CRM), workforce optimization (WFO), analytics, unified communications (UC), and other use cases.

Which feature/functionality will help you organize your AWS resources, manage and automate tasks on large numbers of resources at a time?

AWS Resource Groups - In AWS, a resource is an entity that you can work with. Examples include an Amazon EC2 instance, an AWS CloudFormation stack, or an Amazon S3 bucket. If you work with multiple resources, you might find it useful to manage them as a group rather than move from one AWS service to another for each task. If you manage large numbers of related resources, such as EC2 instances that make up an application layer, you likely need to perform bulk actions on these resources at one time. You can use Resource Groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at a time. Resource Groups feature permissions are at the account level. As long as users who are sharing your account have the correct IAM permissions, they can work with resource groups that you create.

An organization maintains separate VPCs for each of its departments. With expanding business, the organization now wants to connect all VPCs for better departmental collaboration. Which AWS service will help the organization tackle the issue effectively?

AWS Transit Gateway AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router - each new connection is only made once. As you expand globally, inter-Region peering connects AWS Transit Gateways using the AWS global network. Your data is automatically encrypted and never travels over the public internet.

Which AWS service can inspect CloudFront distributions running on any HTTP web-server?

AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting. AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. When you use AWS WAF on Amazon CloudFront, your rules run in all AWS Edge Locations, located around the world close to your end-users. This means security doesn't come at the expense of performance. Blocked requests are stopped before they reach your web servers.

Which free tool helps to review the state of your workloads and compares them to the latest AWS architectural best practices after you have answered a series of questions about your workload?

AWS Well-Architected Tool - The AWS Well-Architected Tool helps you review the state of your workloads and compares them to the latest AWS architectural best practices. The tool is based on the AWS Well-Architected Framework, developed to help cloud architects build secure, high-performing, resilient, and efficient application infrastructure. To use this free tool, available in the AWS Management Console, just define your workload and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization. The AWS Well-Architected Tool then provides a plan on how to architect for the cloud using established best practices. The AWS Well-Architected Tool gives you access to knowledge and best practices used by AWS architects, whenever you need it. You answer a series of questions about your workload, and the tool delivers an action plan with step-by-step guidance on how to build better workloads for the cloud.

A company is planning to move their traditional CRM application running on MySQL to an AWS database service. Which database service is the right fit for this requirement?

Amazon Aurora - Amazon Aurora is a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora MySQL delivers up to five times the performance of MySQL without requiring any changes to most MySQL applications; similarly, Amazon Aurora PostgreSQL delivers up to three times the performance of PostgreSQL. Amazon RDS manages your Amazon Aurora databases, handling time-consuming tasks such as provisioning, patching, backup, recovery, failure detection and repair. You pay a simple monthly charge for each Amazon Aurora database instance you use. There are no upfront costs or long-term commitments required. Amazon Aurora features a distributed, fault-tolerant, self-healing storage system that auto-scales up to 128TB per database instance. It delivers high performance and availability with up to 15 low-latency read replicas, point-in-time recovery, continuous backup to Amazon S3, and replication across three Availability Zones (AZs). You can use the standard mysqldump utility to export data from MySQL and mysqlimport utility to import data to Amazon Aurora, and vice-versa. You can also use Amazon RDS's DB Snapshot migration feature to migrate an RDS MySQL DB Snapshot to Amazon Aurora using the AWS Management Console. Migration completes for most customers in under an hour, though the duration depends on format and data set size.

Per the AWS Shared Responsibility Model, management of which of the following AWS services is the responsibility of the customer?

Amazon Elastic Compute Cloud (Amazon EC2) - Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. "Security of the Cloud" is the responsibility of AWS - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. "Security in the Cloud" is the responsibility of the customer. Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for the management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance.

Which of the following AWS services is delivered globally rather than regionally?

Amazon WorkSpaces - AWS offers a broad set of global cloud-based products including compute, storage, database, analytics, networking, machine learning and AI, mobile, developer tools, IoT, security, enterprise applications, and much more. Due to the nature of the service, some AWS services are delivered globally rather than regionally, such as Amazon Route 53, Amazon Chime, Amazon WorkDocs, Amazon WorkMail, Amazon WorkSpaces, Amazon WorkLink. Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

An e-commerce company has its on-premises data storage on an NFS file system that is accessed in parallel by multiple applications. The company is looking at moving the applications and data stores to AWS Cloud. Which storage service should the company use to move their files to AWS Cloud seamlessly if the application is hosted on Amazon EC2 instances?

Amazon Elastic File System (Amazon EFS) - Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies. Amazon EFS is well suited to support a broad spectrum of use cases from home directories to business-critical applications. Customers can use EFS to lift-and-shift existing enterprise applications to the AWS Cloud. Other use cases include big data analytics, web serving and content management, application development and testing, media and entertainment workflows, database backups, and container storage. Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent Access storage class (EFS IA). EFS IA provides price/performance that's cost-optimized for files not accessed every day. By simply enabling EFS Lifecycle Management on your file system, files not accessed according to the lifecycle policy you choose will be automatically and transparently moved into EFS IA.

Which of the following are NoSQL database services from AWS? (Select two)

Amazon Neptune - A graph database's purpose is to make it easy to build and run applications that work with highly connected datasets. Typical use cases for a graph database include social networking, recommendation engines, fraud detection, and knowledge graphs. Amazon Neptune is a fully-managed graph database service and it's also considered as a type of NoSQL database. Amazon DocumentDB - In application code, data is represented often as an object or JSON-like document because it is an efficient and intuitive data model for developers. Document databases make it easier for developers to store and query data in a database by using the same document model format that they use in their application code. Amazon DocumentDB (with MongoDB compatibility) and MongoDB are popular document databases that provide powerful and intuitive APIs for flexible and iterative development.

An e-learning company wants to build a knowledge graph by leveraging a fully managed database. Which of the following is the best fit for this requirement?

Amazon Neptune - Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. The core of Amazon Neptune is a purpose-built, high-performance graph database engine optimized for storing billions of relationships and querying the graph with milliseconds latency. Amazon Neptune is tailor-built for use cases like Knowledge Graphs, Identity Graphs, Fraud Detection, Recommendation Engines, Social Networking, Life Sciences, and so on. Amazon Neptune supports popular graph models Property Graph and W3C's RDF, and their respective query languages Apache TinkerPop Gremlin and SPARQL, allowing you to easily build queries that efficiently navigate highly connected datasets. Neptune powers graph use cases such as recommendation engines, fraud detection, knowledge graphs, drug discovery, and network security. Amazon Neptune is highly available, with read-replicas, point-in-time recovery, continuous backup to Amazon S3, and replication across Availability Zones. Neptune is secure with support for HTTPS encrypted client connections and encryption at rest. Neptune is fully managed, so you no longer need to worry about database management tasks such as hardware provisioning, software patching, setup, configuration, or backups.

A supply chain company is looking for a database that provides a centrally verifiable history of all changes made to data residing in it. This functionality is critical for the product and needs to be available off-the-shelf without the need for any customizations. Which of the following databases is the right choice for this use-case?

Amazon Quantum Ledger Database - Amazon QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log ‎owned by a central trusted authority. Amazon QLDB can be used to track each and every application data change and maintains a complete and verifiable history of changes over time. Ledgers are typically used to record a history of economic and financial activity in an organization. Many organizations build applications with ledger-like functionality because they want to maintain an accurate history of their applications' data, for example, tracking the history of credits and debits in banking transactions, verifying the data lineage of an insurance claim, or tracing the movement of an item in a supply chain network. Ledger applications are often implemented using custom audit tables or audit trails created in relational databases. Amazon QLDB is a new class of database that eliminates the need to engage in the complex development effort of building your own ledger-like applications. With QLDB, your data's change history is immutable - it cannot be altered or deleted - and using cryptography, you can easily verify that there have been no unintended modifications to your application's data. QLDB uses an immutable transactional log, known as a journal, that tracks each application data change and maintains a complete and verifiable history of changes over time. QLDB is easy to use because it provides developers with a familiar SQL-like API, a flexible document data model, and full support for transactions. QLDB's streaming capability provides a near real-time flow of your data stored within QLDB, allowing you to develop event-driven workflows, real-time analytics, and to replicate data to other AWS services to support advanced analytical processing. QLDB is also serverless, so it automatically scales to support the demands of your application. There are no servers to manage and no read or write limits to configure. With QLDB, you only pay for what you use.

An e-commerce application sends out messages to a downstream application whenever an order is created. The downstream application processes the messages and updates its own systems. Currently, the two applications directly communicate with each other. Which service will you use to decouple this architecture, without any communication loss between the two systems?

Amazon Simple Queue Service (SQS) - Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. Get started with SQS in minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands. Amazon SQS uses a pull mechanism, i.e. the messages in the queue are available till a registered process pulls the messages to process them. This decouples the architecture since the second application does not need to be available all the time to process messages coming from application one.

A healthcare company wants to implement a continuous replication based disaster recovery mechanism and provide fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud. Which of the following represents the best-fit solution for this use case?

CloudEndure Disaster Recovery - CloudEndure Disaster Recovery, available from the AWS Marketplace, continuously replicates server-hosted applications and server-hosted databases from any source into AWS using block-level replication of the underlying server. CloudEndure Disaster Recovery enables you to use AWS Cloud as a disaster recovery Region for an on-premises workload and its environment. It can also be used for disaster recovery of AWS hosted workloads if they consist only of applications and databases hosted on EC2 (i.e. not RDS). Features of CloudEndure Disaster Recovery: Continuous replication: CloudEndure Disaster Recovery provides continuous, asynchronous, block-level replication of your source machines into a staging area. This allows you to achieve sub-second Recovery Point Objectives (RPOs), since up-to-date applications are always ready to be spun up on AWS if a disaster strikes. Low-cost staging area: Data is continually kept in sync in a lightweight staging area in your target AWS Region. The staging area contains low-cost resources that are automatically provisioned and managed by CloudEndure Disaster Recovery. This eliminates the need for duplicate resources and significantly reduces your disaster recovery total cost of ownership (TCO). Automated machine conversion and orchestration: In the event of a disaster or drill, CloudEndure Disaster Recovery triggers a highly automated machine conversion process and a scalable orchestration engine that quickly spins up thousands of machines in your target AWS Region in parallel. This enables Recovery Time Objectives (RTOs) of minutes. Unlike application-level solutions, CloudEndure Disaster Recovery replicates entire machines, including OS, system state configuration, system disks, databases, applications, and files. Point-in-time recovery: Granular point-in-time recovery allows you to recover applications and IT environments that have been corrupted as a result of accidental system changes, ransomware, or other malicious attacks. In such cases, you can launch applications from a previous consistent point in time rather than launching applications in their most up-to-date state. During the recovery, you can select either the latest state or an earlier state from a list of points in time. Easy, non-disruptive drills: With CloudEndure Disaster Recovery, you can conduct disaster recovery drills without disrupting your source environment or risking data loss. During drills, CloudEndure Disaster Recovery spins up machines in your target AWS Region in complete isolation to avoid network conflicts and performance impact. Wide application and infrastructure support: Because CloudEndure Disaster Recovery replicates data at the block level, you can use it for all applications and databases that run on supported versions of Windows and Linux OS.

Due to regulatory guidelines, a company needs to encrypt data as it passes through the different layers of its AWS architecture. The company is reviewing the capabilities of the various AWS services and their encryption options. Which of the below services are encrypted by default and need no user intervention to enable encryption?

CloudTrail Logs, S3 Glacier, AWS Storage Gateway - By default, all data stored by AWS Storage Gateway in S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3). Also, you can optionally configure different gateway types to encrypt stored data with AWS Key Management Service (KMS) via the Storage Gateway API. Data at rest stored in S3 Glacier is automatically server-side encrypted using 256-bit Advanced Encryption Standard (AES-256) with keys maintained by AWS. If you prefer to manage your own keys, you can also use client-side encryption before storing data in S3 Glacier. By default, the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable, you can instead use server-side encryption with AWS KMS-managed keys (SSE-KMS) for your CloudTrail log files. To use SSE-KMS with CloudTrail, you create and manage a KMS key, also known as a customer master key (CMK).

A financial services company wants to ensure that its AWS account activity meets the governance, compliance and auditing norms. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

Cloudtrail

Which AWS services can be used to facilitate organizational change management, part of the Reliability pillar of AWS Well-Architected Framework? (Select three)

Cloudtrail, Config, Cloudwatch

Which AWS service can be used to set up billing alarms to monitor estimated charges on your AWS account?

Cloudwatch

The engineering team at an IT company wants to monitor the CPU utilization for its fleet of EC2 instances and send an email to the administrator if the utilization exceeds 80%. As a Cloud Practitioner, which AWS services would you recommend to build this solution? (Select two)

Cloudwatch and SNS

An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two)

Cloudwatch lambda

A multi-national company has its business-critical data stored on a fleet of Amazon EC2 instances, in various countries, configured in region-specific compliance rules. To demonstrate compliance, the company needs to submit historical configurations on a regular basis. Which AWS service is best suited for this requirement?

Config

An organization has a complex IT architecture involving a lot of system dependencies and it wants to track the history of changes to each resource. Which AWS service will help the organization track the history of configuration changes for all the resources?

Config

Which of the following statements are true about AWS Regions and Availability Zones (AZs)? (Select two)

Each AWS Region consists of multiple, isolated, and physically separate AZ's within a geographic area All traffic between AZ's is encrypted

A team lead is reviewing the AWS services that can be used in the development workflow for his company. Which of the following statements are correct regarding the capabilities of these AWS services? (Select three)

Each CodeStar project includes development tools, including AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy, that can be used on their own and with existing AWS applications CodePipeline uses Amazon CloudWatch Events to detect changes in CodeCommit repositories used as a source for a pipeline You can use AWS CodeStar and AWS Cloud9 to develop, build, and deploy a serverless web application

What is cloudfront?

It is used to deliver entire website including static, dynamic, streaming, and interactive content using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance.

A leading research firm needs to access information available in old patents and documents (such as PDFs, Text Files, Word documents, etc) present in its huge knowledge base. The firm is looking for a powerful search tool that can dig into these knowledge resources and return the most relevant files/documents. Which of the following is the correct service to address this requirement?

Kendra

Which of the following statements are CORRECT regarding Security Groups and Network Access Control Lists (NACLs)? (Select two)

Stateful, allows for automatic return traffic A NACL contains a numbered list of rules and evaluates these rules in the increasing order while deciding whether to allow the traffic

Which AWS service can be used to view the most comprehensive billing details for the past month?

The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself.

An online retail clothing store is looking for a service/tool to easily create and embed 3D scenes into their existing web pages to enhance user experience and improve sales. Which AWS service will help create these 3D visuals?

Sumerian

The DevOps team at an IT company wants to centrally manage its servers on AWS Cloud as well as on-premise data center so that it can collect software inventory, run commands, configure and patch servers at scale. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

Systems Manager

What are the different gateway types supported by AWS Storage Gateway service?

Tape gateway, file gateway, valume gateway

Which of the following statements are correct regarding the health monitoring and reporting capabilities supported by AWS Elastic Beanstalk? (Select two)

The Elastic Beanstalk health monitoring can determine that the environment's Auto Scaling group is available and has a minimum of at least one instance - In addition to Elastic Load Balancing health checks, Elastic Beanstalk monitors resources in your environment and changes health status to red if they fail to deploy, are not configured correctly, or become unavailable. These checks confirm that: 1. The environment's Auto Scaling group is available and has a minimum of at least one instance. 2. The environment's security group is available and is configured to allow incoming traffic on port 80. 3. The environment CNAME exists and is pointing to the right load balancer. 4. In a worker environment, the Amazon Simple Queue Service (Amazon SQS) queue is being polled at least once every three minutes. With basic health reporting, the Elastic Beanstalk service does not publish any metrics to Amazon CloudWatch - With basic health reporting, the Elastic Beanstalk service does not publish any metrics to Amazon CloudWatch. The CloudWatch metrics used to produce graphs on the Monitoring page of the environment console are published by the resources in your environment.

An IT company would like to move its IT resources (including any data and applications) from an AWS Region in the US to another AWS Region in Europe. Which of the following represents the correct solution for this use-case?

The company should just start creating new resources in the destination AWS Region and then migrate the relevant data and applications into this new AWS Region - The company needs to create resources in the new AWS Region and then move the relevant data and applications into the new AWS Region. There is no off-the-shelf solution or service that the company can use to facilitate this transition.

Code Pipeline

a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates.

gateway endpoint

a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service

AWS Systems Manager

allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments.

AWS X-Ray

analyze and debug serverless and distributed applications such as those built using a microservices architecture.

AWS Systems Manager Session Manager

fully-managed service that provides you with an interactive browser-based shell and CLI experience. It helps provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys. Session Manager helps to enable compliance with corporate policies that require controlled access to instances, increase security and auditability of access to the instances while providing simplicity and cross-platform instance access to end-users.

AWS ECS Instance Connect

provides a simple and secure way to connect to your Linux instances using Secure Shell (SSH)

AWS Instance Store

provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer


Kaugnay na mga set ng pag-aaral

Vocab for Chapter 7: Jacquie Red Feather

View Set

Study guide for science chapter 5 test

View Set