AWS Cloud Pract
Which duties are the responsibility of a company that is using AWS Lambda? (Choose two.) A. Security inside of code B. Selection of CPU resources C. Patching of operating system D. Writing and updating of code E. Security of underlying infrastructure
A. Security inside of code C. Patching of operating system
A company plans to create a data lake that uses Amazon S3. Which factor will have the MOST effect on cost? A. The selection of S3 storage tiers B. Charges to transfer existing data into Amazon S3 C. The addition of S3 bucket policies D. S3 ingest fees for each request
A. The selection of S3 storage tiers
Amazon EFS (Elastic File System)
Designed as a native multi-AZ file system for NFS file shares
Amazon FSx for Lustre
Designed for distributed high-performance computing workloads
Amazon FSx for Windows File Server
Designed to support SMB file shares in a single-AZ configuration
Amazon EBS (Elastic Block Storage)
Designed to support block storage volumes with Amazon EC2 instances
Amazon Simple Storage Service (S3)
Designed to support millions of storage objects and accessed using REST APIs
What are the contract length options for Amazon EC2 Reserved Instances? (Select TWO.) 1 year 2 years 3 years 4 years
1 year 3 years Reserved Instances require a commitment of either 1 year or 3 years. The 3-year option offers a larger discount.
The AWS Free Tier includes offers that are available to new AWS customers for a certain period of time following their AWS sign-up date. What is the duration of this period? 3 months 6 months 9 months 12 months
12 months
Which statement is TRUE for the AWS global infrastructure? A Region consists of a single Availability Zone. An Availability Zone consists of two or more Regions. A Region consists of two or more Availability Zones. An
A Region consists of two or more Availability Zones. For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.
Which statement best describes an IAM policy? An authentication process that provides an extra layer of protection for your AWS account A document that grants or denies permissions to AWS services and resources An identity that you can assume to gain temporary access to permissions The identity that is established when you first create an AWS account
A document that grants or denies permissions to AWS services and resources. IAM policies provide you with the flexibility to customize users' levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.
Which statement best describes Amazon CloudFront? A service that enables you to run infrastructure in a hybrid cloud approach A serverless compute engine for containers A service that enables you to send and receive messages between software components through a queue A global content delivery service
A global content delivery service. Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpage
Which statement best describes Amazon DynamoDB? A service that enables you to run relational databases in the AWS Cloud A serverless key-value database service A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores An enterprise-class relational database
A serverless key-value database service. Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.
Which statement best describes an Availability Zone? A geographical area that contains AWS resources A single data center or group of data centers within a Region A data center that an AWS service uses to perform service-specific operations A service that you can use to run AWS infrastructure within your own on-premises data center in a hybrid approach
A single data center or group of data centers within a Region
A user is planning to launch three EC2 instances behind a single Elastic Load Balancer. The deployment should be highly available. A. Launch the instances across multiple Availability Zones in a single AWS Region. B. Launch the instances as EC2 Spot Instances in the same AWS Region and the same Availability Zone. C. Launch the instances in multiple AWS Regions, and use Elastic IP addresses. D. Launch the instances as EC2 Reserved Instances in the same AWS Region, but in different Availability Zones.
A. "Launch the instances across multiple Availability Zones in a single AWS Region." To make the deployment highly available the user should launch the instances across multiple Availability Zones in a single AWS Region. Elastic Load Balancers can only serve targets in a single Region so it is not possible to deploy across Regions.
Which AWS Snow Family device is well suited for applications with minimal available space and require maximum portability? A. AWS SNOWCONE B. AWS SNOWBALL EDGE STORAGE OPTIMIZED C. AWS SNOWBALL EDGE COMPUTE OPTIMIZED D. AWS SNOWMOBILE
A. AWS SNOWCONE AWS Snowcone is the smallest member of the AWS Snow Family. The device weighs under five pounds. Its size makes it Ideal for use cases with limited space requirements or that require maximum portability.
A company needs to simultaneously process hundreds of requests from different users. Which combination of AWS services should the company use to build an operationally efficient solution? A. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda B. AWS Data Pipeline and Amazon EC2 C. Amazon Kinesis and Amazon Athena D. AWS Amplify and AWS AppSync
A. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda Keywords: process hundreds of requests from different users
Which AWS service or feature can a company use to determine which business unit is using specific AWS resources? A. Cost allocation tags B. Key pairs C. Amazon Inspector D. AWS Trusted Advisor
A. Cost allocation tags Easy way to tag resources on AWS
A customer needs to determine Total Cost of Ownership (TCO) for a workload that requires physical isolation. Which hosting model should be used? A. Dedicated Hosts B. Reserved Instances C. On-Demand Instances D. Spot Instances
A. Dedicated Hosts dedicated hosts can be considered "hosting model" as it determines that actual underlying infrastructure that is used for running your workload. All of the other answers are simply pricing plans for shared hosting models.
Which of the following are benefits of migrating to the AWS Cloud? (Choose two.) A. Operational resilience B. Discounts for products on Amazon.com C. Business agility D. Business excellence E. Increased staff retention
A. Operational resilience C. Business agility
Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined? Billing dashboard in the AWS Management Console AWS Budgets AWS Free Tier AWS Cost Explorer
AWS Budgets. In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted. Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.
Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time? AWS Pricing Calculator AWS Budgets AWS Cost Explorer AWS Free Tier
AWS Cost Explorer. AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.
Which AWS transfer service would you use to update files from an on-premises NFS file system to Amazon Elastic File System (Amazon EFS) storage on a regular schedule? AWS Transfer Family AWS DataSync AWS Snowcone and AWS Snowball Edge AWS Application Migration Service
AWS DataSync AWS DataSync can be scheduled or run on demand. AWS Transfer Family is for data transfer workflows. AWS Snow Family is used for offline data transfers. AWS Application Migration Service copies changes to your on-premises applications and data in real time.
Which statement best describes the AWS DataSync service? AWS DataSync synchronously copies data between supported source and target storage resources. AWS DataSync allows real-time updates of data between supported source and target storage resources. AWS DataSync only supports one-way data transfers between on-premises storage and AWS Storage services in the AWS Cloud. AWS DataSync is used to asynchronously transfer data between supported source and target storage resources
AWS DataSync is used to asynchronously transfer data between supported source and target storage resources
Which component or service can be used to establish a private dedicated connection between your company's data center and AWS? Private subnet DNS AWS Direct Connect Amazon CloudFront
AWS Direct Connect
Which AWS storage services are available for local storage on AWS Outposts? (Select TWO)
AWS EBS & AWS S3 Amazon EBS is natively available on all AWS Outposts implementations. You can Include Amazon S3 in your Outposts configuration. As of this writing, other AWS Storage services are not available as local services on Outposts.
A company wants to migrate a critical application to AWS. The application has a short runtime. The application is invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes operational efficiency and minimizes the cost of running the application. Which AWS solution should the company use to meet these requirements? A. Amazon EC2 On-Demand Instances B. AWS Lambda C. Amazon EC2 Reserved Instances D. Amazon EC2 Spot Instances
AWS Lambda Keywords: short runtime; minimize cost of running the app
Which service helps protect your applications against distributed denial-of-service (DDoS) attacks? Amazon GuardDuty Amazon Inspector AWS Artifact AWS Shield
AWS Shield. As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.
Your organization is planning to migrate offline 135 TB of file data from a hosted-data center to your new Amazon S3 buckets as part of your overall migration strategy. You have a requirement to systematically add tags based on file types and user information. You have an application developed that requires only 4 vCPUs and 8 GB of memory to operate. Which AWS Snow Family device would be most cost effective and require the fewest devices to accomplish the task? AWS Snowcone SSD AWS Snowball Edge Storage Optimized AWS Snowball Edge Compute Optimized AWS Snowmobile
AWS Snowball Edge Storage Optimized AWS Snowball Edge Storage Optimized with compute devices would require only two devices and meets all of the other application requirements. AWS Snowball Edge Storage Optimized would require four devices. AWS Snowcone SSD would require 10 devices. AWS Snowmobile would be cost prohibitive for this size of data transfer job.
You organization has a requirement to quickly send copies of 7TB of your data that is stored in Amazon S3 to multiple remote locations for a coordinated project. Which AWS Snow Family devices would be the most cost effective and meet the requirements? (Select TWO.)
AWS Snowcone HDD AWS Snowcone HDD AWS Snowcone comes in an 8TB HDD version and an 14TB SSD version. Either device could meet the requirements. You would need to check device availability and pricing for the AWS Region where your Amazon S3 bucket is located to select appropriate device to meet the project's time requirements.
Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions? Amazon CloudWatch AWS CloudTrail AWS Trusted Advisor Amazon GuardDuty
AWS Trusted Advisor. AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.
Which tasks can you complete in AWS Artifact? (Select TWO.) Access AWS compliance reports on-demand. Consolidate and manage multiple AWS accounts within a central location. Create users to enable people and applications to interact with AWS services and resources. Set permissions for accounts by configuring service control policies (SCPs). Review, accept, and manage agreements with AWS.
Access AWS compliance reports on-demand. Review, accept, and manage agreements with AWS.
Best for Data that requires Retention Instance stores Amazon EBS volumes
Amazon EBS volumes
When stopping or terminating an EC2 instance, data remains Available Instance stores Amazon EBS volumes
Amazon EBS volumes
Which core AWS Storage service is used as the underlying storage for CloudEndure Migration service? Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS) Amazon Simple Storage Service (Amazon S3) Amazon FSx for Windows File Server
Amazon Elastic Block Store (Amazon EBS) CloudEndure Migration uses Amazon EC2 instances and Amazon EBS volumes. CloudEndure Migration copies and updates in real time your operating systems, applications, and data from your on-premises application servers to the AWS Cloud. CloudEndure first stages your application using low-cost EC2 instances and EBS volumes. When you are ready to migrate to the AWS Cloud, the low-cost EC2 instances and EBS volumes are upgrade to production level EC2 instances and EBS volumes.
Which storage service would a developer choose to perform a lift and shift of an on-premises database application that runs on dedicated servers without modification to the storage service in the AWS Cloud?
Amazon Elastic Block Store (Amazon EBS) [Keyword: lift and shift, self managed database migrations]
You want to deploy and manage containerized applications. Which service should you use? AWS Lambda Amazon Simple Notification Service (Amazon SNS) Amazon Simple Queue Service (Amazon SQS) Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale
Which AWS Storage Gateway Family service is used to connect cloud-based Server Message Block (SMB) shares with on-premises applications and workflows.
Amazon FSx File Gateway Amazon F5x File Gateway is used to work with your Windows-based applications and workflows. Amazon S3 File Gateway supports SMB and Network Flle System (NFS) protocols while storing your files as Amazon S3 objects.
A developer is designing a high performance compute environment that requires millions of IOPS servicing thousands of Amazon EC2 Linux instances. Which AWS Storage service is best suited for this use case?
Amazon FSx for Lustre [Keyword: high performance computing environments servicing thousands of compute instances of IOPs]
A company has decided to move all of their storage resources to AWS. Their development staff and systems operations management staff come from an environment with Microsoft Server operating systems. The staff's concern is their ability to quickly recreate their existing storage services in AWS and migrate their applications without having to learn new storage systems. Which storage service best addresses the staffs concern?
Amazon FSx for Windows File Server [Keywords: Microsoft Server..since the staff comes from a Microsoft Windows environment already]
Which service is used to query and analyze data across a data warehouse? Amazon Redshift Amazon Neptune Amazon DocumentDB Amazon ElastiCache
Amazon Redshift. Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.
Which service is used to manage the DNS records for domain names? Amazon Virtual Private Cloud AWS Direct Connect Amazon CloudFront Amazon Route 53
Amazon Route 53. Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS. Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53
Which AWS Storage Gateway service is used to store Network File System (NFS) and Server Message Block (SMB) files in customer-manageable object storage in the AWS Cloud?
Amazon S3 File Gateway Amazon S3 File Gateway connects on-premises NFS and SMB file shares to customer-managed Amazon S3 object storage.
Which AWS service is the best choice for publishing messages to subscribers? Amazon Simple Queue Service (Amazon SQS) Amazon EC2 Auto Scaling Amazon Simple Notification Service (Amazon SNS) Elastic Load Balancing
Amazon Simple Notification Service (Amazon SNS) Amazon SNS is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.
You want to store data in an object storage service. Which AWS service is best for this type of storage? Amazon Managed Blockchain Amazon Elastic File System (Amazon EFS) Amazon Elastic Block Store (Amazon EBS) Amazon Simple Storage Service (Amazon S3)
Amazon Simple Storage Service (Amazon S3)
Which core AWS Storage service does AWS Backup use to store the full and incremental data copies? Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS) Amazon FSx for Windows File Server Amazon Simple Storage Service (Amazon S3)
Amazon Simple Storage Service (Amazon S3) AWS Backup and native snapshots are stored in AWS managed Amazon S3 buckets.
Which AWS Storage service has storage classes suited for long term archival storage at a low cost per GB?
Amazon Simple Storage Service (S3) [Keyword: storage classes for long term archival storage]
AWS EBS v. AWS EFS
An Amazon EBS volume stores data in a single Availability Zone. To attach an Amazon EC2 instance to an EBS volume, both the Amazon EC2 instance and the EBS volume must reside within the same Availability Zone. Amazon EFS is a regional service. It stores data in and across multiple Availability Zones. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.
You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.) IAM users IAM groups An individual member account IAM roles An organizational unit (OU)
An individual member account An organizational unit (OU) In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user. You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user.
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing. Which AWS service or feature will help the company with its migration? A. AWS Trusted Advisor B. AWS Consulting Partners C. AWS Artifacts D. AWS Managed Services
B. AWS Consulting Partners Keywords: migrate workloads/solutions Consulting partners help companies with little expertise to design/build/migrate/manage
Which documentation does AWS Artifact provide? A. Amazon EC2 terms and conditions B. AWS ISO certifications C. A history of a company's AWS spending D. A list of previous-generation Amazon EC2 instance types
B. AWS ISO certifications AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports
Which component of the AWS global infrastructure is made up of one or more discrete data centers that have redundant power, networking, and connectivity? A. AWS Region B. Availability Zone C. Edge location D. AWS Outposts
B. Availability Zone discrete data centers that have redundant power
Which task requires using AWS account root user credentials? A. Viewing billing information B. Changing the AWS Support plan C. Starting and stopping Amazon EC2 instances D. Opening an AWS Support case
B. Changing the AWS Support plan
A company wants to review its monthly costs of using Amazon EC2 and Amazon RDS for the past year. Which AWS service or tool provides this information? A. AWS Trusted Advisor B. Cost Explorer C. Amazon Forecast D. Amazon CloudWatch
B. Cost Explorer Keyword: monthly costs
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.) A. Reserved Instances B. EC2 Amazon Machine Images (AMIs) C. Amazon Elastic Block Store (Amazon EBS) snapshots D. AWS Shield E. Amazon GuardDuty
B. EC2 Amazon Machine Images (AMIs) C. Amazon Elastic Block Store (Amazon EBS) snapshots
What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Choose two.) A. EC2 includes operating system patch management. B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM). C. EC2 has a 100% service level agreement (SLA). D. EC2 has a flexible, pay-as-you-go pricing model. E. EC2 has automatic storage cost optimization.
B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM). B - Increase speed and agility D - Stop spending money running and maintaining data centers
A company is migrating to the AWS Cloud instead of running its infrastructure on premises. Which of the following are advantages of this migration? (Choose two.) A. Elimination of the need to perform security auditing B. Increased global reach and agility C. Ability to deploy globally in minutes D. Elimination of the cost of IT staff members E. Redundancy by default for all compute services
B. Increased global reach and agility C. Ability to deploy globally in minutes
Which design principles are enabled by the AWS Cloud to improve the operation of workloads? (Select TWO) A. Minimize platform design B. Loose coupling C. Customized hardware D. Remove single points of failure E. Minimum viable product
B. Loose coupling D. Remove single points of failure Loose coupling is when you break systems down into smaller components that are loosely coupled together. This reduces interdependencies between systems components. This is achieved in the cloud using messages buses, notification and messaging services. Removing single points of failure ensures fault tolerance and high availability. This is easily achieved in the cloud as the architecture and features of the cloud support the implementation of highly available and fault tolerant systems.
A large company is interested in avoiding long-term contracts and moving from fixed costs to variable costs. What is the value proposition of AWS for this company? A. Economies of scale B. Pay-as-you-go pricing C. Volume pricing discounts D. Automated cost optimization
B. Pay-as-you-go pricing Pay-as-you-go pricing helps companies move away from fixed costs to variable costs in a model in which they only pay for what they actually use. There are no fixed term contracts with AWS so that requirement is also met.
A company is planning to replace its physical on-premises compute servers with AWS serverless compute services. The company wants to be able to take advantage of advanced technologies quickly after the migration. Which pillar of the AWS Well-Architected Framework does this plan represent? A. Security B. Performance efficiency C. Operational excellence D. Reliability
B. Performance efficiency Keyword: serverless compute services
Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand? A. Security B. Reliability C. Performance efficiency D. Cost optimization
B. Reliability reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demand
A company is launching an ecommerce application that must always be available. The application will run on Amazon EC2 instances continuously for the next 12 months. What is the MOST cost-effective instance purchasing option that meets these requirements? A. Spot Instances B. Savings Plans C. Dedicated Hosts D. On-Demand Instances
B. Savings Plans - Amazon EC2 Savings Plans - reduce your compute costs by usage of 1yr or 3yr term.
Which AWS service or tool should a company use to centrally request and track service limit increases? A. AWS Config B. Service Quotas C. AWS Service Catalog D. AWS Budgets
B. Service Quotas Keywords: centrally request/track service (quota) increase
A company needs to establish a connection between two VPCs. The VPCs are located in two different AWS Regions. The company wants to use the existing infrastructure of the VPCs for this connection. Which AWS service or feature can be used to establish this connection? A. AWS Client VPN B. VPC peering C. AWS Direct Connect D. VPC endpoints
B. VPC peering Keywords: establish a connection between two VPCs Connect two VPCs, privately using VPC peering
Which of the following are components of an AWS Site-to-Site VPN connection? (Choose two.) A. AWS Storage Gateway B. Virtual private gateway C. NAT gateway D. Customer gateway E. Internet gateway
B. Virtual private gateway D. Customer gateway Site-to-Site VPN connections can configure routing to pass traffic through the connection
Which Support plan includes all AWS Trusted Advisor checks at the lowest cost? Basic Developer Business Enterprise
Business
A user is comparing purchase options for an application that runs on Amazon EC2 and Amazon RDS. The application cannot sustain any interruption. The application experiences a predictable amount of usage, including some seasonal spikes that last only a few weeks at a time. It is not possible to modify the application. Which purchase option meets these requirements MOST cost-effectively? A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to cover the predicted and seasonal load. B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run on Spot Instances. C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run at an On-Demand rate. D. Buy Reserved Instances to cover all potential usage that results from the seasonal usage.
C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run at an On-Demand rate. Keyword: cannot sustain any interruption, On demand does not terminate
According to the AWS shared responsibility model, what responsibility does a customer have when using Amazon RDS to host a database? A. Manage connections to the database B. Install Microsoft SQL Server C. Design encryption-at-rest strategies D. Apply minor database patches
C. Design encryption-at-rest strategies Keywords: shared responsibility; amazon RDS Use Amazon RDS encryption to secure your DB instances and snapshots at rest. Customers are responsible for managing their data (including encryption options)...
Which action can you perform with consolidated billing? Review how much cost your predicted AWS usage will incur by the end of the month. Create an estimate for the cost of your use cases on AWS. Combine usage across accounts to receive volume pricing discounts. Visualize and manage your AWS costs and usage over time.
Combine usage across accounts to receive volume pricing discounts.
Which important operational issues does AWS Backup help solve? (Select THREE.) Compliance requirements Data retention requirements Data availability requirements Data durability requirements Data resiliency requirements Data distribution requirements
Compliance requirements Data retention requirements Data durability requirements AWS Backup provides additional data durability by creating additional copies of your data. You can store copies of backups for as long as you are required to retain your data. Some compliance regulations require retention and immutable backup copies of your data.
Which factors should be considered when selecting a Region? (Select TWO.) Compliance with data governance and legal requirements Proximity to your customers Access to 24/7 technical support Ability to assign custom permissions to different users Access to the AWS Command Line Interface (AWS CLI
Compliance with data governance and legal requirements Proximity to your customers
You want to use an Amazon EC2 instance for a batch processing workload. What would be the best Amazon EC2 instance type to use? General purpose Memory optimized Compute optimized Storage optimized
Compute optimized Keyword - batch processing workload
Which task can AWS Key Management Service (AWS KMS) perform? Configure multi-factor authentication (MFA). Update the AWS account root user password. Create cryptographic keys. Assign permissions to users and groups.
Create cryptographic keys. AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.
What is the scope of a VPC within the AWS network? A. A VPC can span all Availability Zones globally. B. A VPC must span at least two subnets in each AWS Region. C. A VPC must span at least two edge locations in each AWS Region. D. A VPC can span all Availability Zones within an AWS Region.
D. A VPC can span all Availability Zones within an AWS Region.
Which AWS Snow Family devices could you choose for an edge application requiring device clustering? (Select TWO.) A. AWS Snowcone 8 TB SSD B. AWS Snowcone 14 TB SSD C. AWS Snowball Edge Storage Optimized without compute D. AWS Snowball Edge Storage Optimized with compute E. AWS Snowball Edge compute optimized
D. AWS Snowball Edge Storage Optimized with compute E. AWS Snowball Edge compute optimized You can order AWS Snowball Edge devices with compute capabilities as a cluster to Increase durability and compute processing capabilities. You can order clusters for local compute and storage only jobs. The Snowball Edge device must have compute capabilities. AWS Snowcone devices are not available in a cluster configuration.
Which AWS service or feature allows users to connect with and deploy AWS services programmatically? A. AWS Management Console B. AWS Cloud9 C. AWS CodePipeline D. AWS software development kits (SDKs)
D. AWS software development kits (SDKs) Keywords: connect/deploy services programmatically
A company is planning to run a global marketing application in the AWS Cloud. The application will feature videos that can be viewed by users. The company must ensure that all users can view these videos with low latency. Which AWS service should the company use to meet this requirement? A. AWS Auto Scaling B. Amazon Kinesis Video Streams C. Elastic Load Balancing D. Amazon CloudFront
D. Amazon CloudFront Amazon CloudFront is a content delivery network (CDN) service built for high performance, security, and developer convenience. CloudFront cashes to edge location Keyword: low latency
What advantages does a database administrator obtain by using the Amazon Relational Database Service (RDS)? A. RDS provides 99.99999999999% reliability and durability B. RDS databases automatically scale based on load C. RDS enables users to dynamically adjust CPU and RAM resources D. RDS simplifies relational database administration tasks
D. RDS simplifies relational database administration tasks Amazon RDS is a managed relational database service on which you can run several types of database software. The service is managed so this reduces the database administration tasks an administrator would normally undertake. The managed service includes hardware provisioning, database setup, patching and backups.
Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems? EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone. EBS volumes and Amazon EFS file systems both store data within a single Availability Zone. EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.
EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.
Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location? Region Availability Zone Edge location Origin
Edge location
Which process is an example of Elastic Load Balancing? Ensuring that no single Amazon EC2 instance has to carry the full workload on its own Removing unneeded Amazon EC2 instances when demand is low Adding a second Amazon EC2 instance during an online store's popular sale Automatically adjusting the number of Amazon EC2 instances to meet demand
Ensuring that no single Amazon EC2 instance has to carry the full workload on its own Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.
Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose? Developer Enterprise Basic Business
Enterprise. A Technical Account Manager (TAM) is available only to AWS customers with an Enterprise Support plan. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications
Which action can you perform with AWS Outposts? Automate actions for AWS services and applications through scripts. Access wizards and automated workflows to perform tasks in AWS services. Develop AWS applications in supported programming languages. Extend AWS infrastructure and services to your on-premises data center.
Extend AWS infrastructure and services to your on-premises data center.
Which statement best describes the principle of least privilege? Adding an IAM user into at least one IAM group Checking a packet's permissions against an access control list Granting only the permissions that are needed to perform specific tasks Performing a denial of service attack that originates from at least one device
Granting only the permissions that are needed to perform specific job tasks. When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.
An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task? AWS account root user IAM group IAM role Service control policy (SCP)
IAM role. An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term
Why organizations move to the cloud
Increas agility Innovation Strengthen security Reduce costs Monthly expenses
Best for Temporary Data that is Not Kept Long Term Instance stores Amazon EBS volumes
Instance stores
When stopping or terminating an EC2 instance, data is deleted Instance stores Amazon EBS volumes
Instance stores
Which component is used to connect a VPC to the internet? Public subnet Edge location Security group Internet gateway
Internet gateway
Which statement best describes an AWS account's default network access control list? It is stateless and denies all inbound and outbound traffic. It is stateful and allows all inbound and outbound traffic. It is stateless and allows all inbound and outbound traffic. It is stateful and denies all inbound and outbound traffic.
It is stateless and allows all inbound and outbound traffic. Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound. Each AWS account includes a default network ACL. When configuring your VPC, you can use your account's default network ACL or create custom network ACLs. By default, your account's default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn't match any of the other rules on the list, the packet is denied.
Which core AWS Storage service does CloudEndure Disaster Recovery use for data storage? Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS) Amazon FSx for Lustre Amazon Simple Storage Service (Amazon S3)
Like AWS Application Migration Service, CloudEndure Disaster Recovery uses Amazon EBS to copy the operating system, application files, and data to AWS. The on-premises block data is replicated to the EBS volumes.
Which actions can you perform using Amazon CloudWatch? (Select TWO.) Monitor your resources' utilization and performance Receive real-time guidance for improving your AWS environment Compare your infrastructure to AWS best practices in five categories Access metrics from a single dashboard Automatically detect unusual account activity
Monitor your resources' utilization and performance Access metrics from a single dashboard
What is cloud computing? Backing up files that are stored on desktop and mobile devices to prevent data loss Deploying applications connected to on-premises infrastructure Running code without needing to manage or provision servers On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
Which tasks are the responsibilities of customers? (Select TWO.) Maintaining network infrastructure Patching software on Amazon EC2 instances Implementing physical security controls at data centers Setting permissions for Amazon S3 objects Maintaining servers that run Amazon EC2 instances
Patching software on Amazon EC2 instances Setting permissions for Amazon S3 objects
What are the general pricing models used for AWS storage services?
Pay for actual used capacity (EFS & S3) & pay for provisioned capacity (EBS, FSx for Lustre..)
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers' personal information. How should the developer configure the VPC according to best practices? Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.
Place the Amazon EC2 instances in a public subnet and the Amazon RDS databases instances in a private subnet.
What is another name for on-premises deployment? Private cloud deployment Cloud-based application Hybrid deployment AWS Cloud
Private cloud deployment
Cloud storage is
Reliable Scalable & secure
Which Amazon S3 storage classes are optimized for archival data? (Select TWO.) S3 Standard S3 Glacier S3 Intelligent-Tiering S3 Standard-IA S3 Glacier Deep Archive
S3 Glacier S3 Glacier Deep Archive Objects stored in the S3 Glacier storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the S3 Glacier Deep Archive storage class can be retrieved within 12 hours.
You want to store data that is infrequently accessed but must be immediately available when needed. Which Amazon S3 storage class should you use? S3 Intelligent-Tiering S3 Glacier Deep Archive S3 Standard-IA S3 Glacier
S3 Standard-IA. The S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but at a lower storage price.
Which file transfer protocols for file transfer workflows does the AWS Transfer Family supported?
SFTP, FTPS, and FTP
Which statement best describes security groups? They are stateful and deny all inbound traffic by default. They are stateful and allow all inbound traffic by default. They are stateless and deny all inbound traffic by default. They are stateless and allow all inbound traffic by default.
Security groups are stateful and deny all inbound traffic by default. Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance. By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.
Which AWS data protection service is native to Amazon Elastic Block Store (Amazon EBS) and Amazon FSx for Lustre and offers point-in-time consistent incremental copies? AWS Backup Snapshots Amazon Macie CloudEndure Disaster Recovery
Snapshots Snapshots offer point-in-time consistent incremental copies of the data.
You have a workload that will run for a total of 6 months and can withstand interruptions. What would be the most cost-efficient Amazon EC2 purchasing option? Reserved Instance Spot Instance Dedicated Instance On-Demand Instance
Spot Instance
How does the scale of cloud computing help you to save costs? You do not have to invest in technology resources before using them. The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices. Accessing services on-demand helps to prevent excess or limited capacity. You can quickly deploy applications to customers and provide them with low latency.
The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
Which tasks can you perform using AWS CloudTrail? (Select TWO.) Monitor your AWS infrastructure and resources in real time Track user activities and API requests throughout your AWS infrastructure View metrics and graphs to monitor the performance of resources Filter logs to assist with operational analysis and troubleshooting Configure automatic actions and alerts in response to metrics
Track user activities and API requests throughout your AWS infrastructure Filter logs to assist with operational analysis and troubleshooting
Which statement best describes DNS resolution? Launching resources in a virtual network that you define Storing local copies of content at edge locations around the world Connecting a VPC to the internet Translating a domain name to an IP address
Translating a domain name to an IP address. For example, if you want to visit AnyCompany's website, you enter the domain name into your PC and this request is sent to a DNS server. Next, the DNS server asks the web server for the IP address that corresponds to AnyCompany's website. The web server responds by providing the IP address for AnyCompany's website, 192.0.2.0.
What are the scenarios in which you should use Amazon Relational Database Service (Amazon RDS)? (Select TWO.) Running a serverless database Using SQL to organize data Storing data in a key-value database Scaling up to 10 trillion requests per day Storing data in an Amazon Aurora database
Using SQL to organize data Storing data in an Amazon Aurora database
Which AWS Storage Gateway service is used to keep copies of your Amazon Elastic Block Store (Amazon EBS) data in a service-managed Amazon S3 bucket in the AWS Cloud?
Volume Gateway Volume Gateway makes coples of your Amazon EBS volumes and stores them in a service-managed Amazon S3 bucket.