AWS Cloud Practitioner Exam Questions
Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? Implement automation. Design for agility. Design for failure. Implement elasticity
Implement automation
True or False: If you create a Classic Load Balancer via the AWS Management Console, cross-Availability Zone load balancing is enabled by default.
True
True or False: Using IAM Groups is the recommended way to manage IAM users' permissions by job function.
True
True or False: With DynamoDB, you can specify the amount of throughput you need for read and write operations.
True
Which of the following are key components of Amazon Glacier?
Vault Access Policy Archive (NOT BUCKET)
True or False: Auto Scaling allows you to add or remove EC2 instances from your EC2 fleet based on conditions you specify.
True
True or False: By default, all subnets within a VPC can communicate with each other.
True
The AWS Web Application Firewall can go down to which of the following OSI layers? 7 6 5 4
7 (WAF operates down to Layer 7)
Which of the following best describes an AWS Region?
A distinct location within a geographic area designed to provide high availability to a specific geography.
Which of the following best describes a Resource Group? A resource group is a collection of resources that are deployed in the same Availability Zone. A resource group is a collection of resources of the same type (EC2, S3, etc.) that are deployed in the same Availability Zone. A resource group is a collection of resources of the same type (EC2, S3, etc.) that share one or more tags or portions of tags. A resource group is a collection of resources that share one or more tags (or portions of tags.)
A resource group is a collection of resources that share one or more tags (or portions of tags.)
Which of the following best describes EBS?
A virtual hard-disk in the cloud
Where can a customer find information about prohibited actions on AWS infrastructure? AWS Trusted Advisor AWS Identity and Access Management (IAM) AWS Billing Console AWS Acceptable Use Policy
AWS Acceptable Use Policy
The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? Cost allocation tags Consolidated billing AWS Budgets AWS Marketplace
AWS Budgets
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? Amazon CloudWatch AWS CloudTrail AWS X-Ray AWS Identity and Access Management (AWS IAM)
AWS CloudTrail
You are an AWS Enterprise customer with questions about billing and your overall AWS account. Which of the following AWS support personnel should you contact?
AWS Concierge
Which of the following AWS services should you use to migrate an existing database to AWS?
AWS DMS
Which AWS service would simplify migration of a database to AWS? AWS Storage Gateway AWS Database Migration Service (AWS DMS) Amazon Elastic Compute Cloud (Amazon EC2) Amazon AppStream 2.0
AWS Database Migration Service (AWS DMS)
Which of the following are valid access types for an IAM user? Emergency access via Identity Access Management (IAM) AWS Management Console access Using the AWS Software Developers Kit Security Group access via the AWS command line Programmatic access via the command line
AWS Management Console access Using the AWS Software Developers Kit Programmatic access via the command line
Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment? AWS Config AWS OpsWorks AWS SDK AWS Marketplace
AWS Marketplace
A customer would like to design and build a new workload on AWS Cloud but does not have the AWS related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to achieve that outcome? AWS Partner Network Technology Partners AWS Marketplace AWS Partner Network Consulting Partners AWS Service Catalog
AWS Partner Network Consulting Partners
As an IT support center team member, you begin receiving calls from users about problems they're experiencing with your company's AWS-based point-of-sale system. You want to begin your investigation by checking with AWS for any service alerts they may be communicating. Which AWS tool will you give you the information you seek?
AWS Personal Health Dashboard
Which of the following AWS services gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources, alerting you and providing remediation guidance when AWS is experiencing events that my affect you?
AWS Personal Health Dashboard
What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas? AWS Enterprise Support AWS Solutions Architects AWS Professional Services AWS Account Managers
AWS Professional Services
Which of the following are Migration services? AWS Snowball AWS OpsWorks AWS Application Discovery Service AWS Config
AWS Snowball AWS Application Discovery Service
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? AWS Regions AWS edge locations AWS Availability Zones Amazon Virtual Private Cloud (Amazon VPC)
AWS edge locations
Which of the following are criteria affecting your billing for RDS? Additional storage Data transfer in Number of requests Clock hours of server time Standby time
Additional storage Number of requests Clock hours of server time
Which of the following is not database service? Amazon Aurora Amazon Redshift Amazon EBS Amazon Neptune
Amazon EBS
Which AWS services can host a Microsoft SQL Server database? (Select TWO.) Amazon EC2 Amazon Relational Database Service (Amazon RDS) Amazon Aurora Amazon Redshift Amazon S3
Amazon EC2 Amazon Relational Database Service (Amazon RDS)
Why is AWS more economical than traditional data centers for applications with varying compute workloads? Amazon Elastic Compute Cloud (Amazon EC2) costs are billed on a monthly basis. Customers retain full administrative access to their Amazon EC2 instances. Amazon EC2 instances can be launched on-demand when needed. Customers can permanently run enough instances to handle peak workloads.
Amazon EC2 instances can be launched on-demand when needed.
True or False: Data stored in Glacier is encrypted by default.
True
Your sales operations group would like to perform monthly analyses on large amounts of sales activity. They want to be able to rank the performance of different territories, product categories, and sales channels. They will use visualization tools to generate graphical representations of the data. Which AWS service will provide the best solution for storing the sales data?
Amazon Redshift
Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities? Amazon Glacier AWS Storage Gateway Amazon S3 Amazon EBS
Amazon S3
Which service would you use to send alerts based on Amazon CloudWatch alarms? Amazon Simple Notification Service (Amazon SNS) AWS CloudTrail AWS Trusted Advisor Amazon Route 53
Amazon Simple Notification Service (Amazon SNS)
Amazon VPC ________. 1. Affords you complete control of network configuration. 2. Offers several layers of security controls. 3. Allows you to build a private, virtual network in the AWS cloud. 4. Amazon VPC offers all of these features
Amazon VPC offers all of these features
Which AWS networking service enables a company to create a virtual network within AWS? AWS Config Amazon Route 53 AWS Direct Connect Amazon Virtual Private Cloud (Amazon VPC)
Amazon Virtual Private Cloud (Amazon VPC)
Which of the following Load Balancers uses Listeners, Targets, and Target Groups? Application Load Balancer Classic Load Balancer
Application Load Balancer
You use containers to host your microservices, and you need to route traffic to those applications using a single load balancer. Which of the following services should you use to accomplish this?
Application Load Balancer
Which of the following is AWS' managed database service that is up to 5X faster than a traditional MySQL database. DynamoDB MariaDB PostgreSQL Aurora
Aurora
The load on your application fluctuates by day of the week. Wednesdays have the most traffic; Saturdays have the least traffic. Which AWS service allows you to ensure you have the correct amount of compute capacity while also optimizing on a cost basis? EC2 Container Service CloudWatch Auto Scaling Trusted Advisor
Auto Scaling
You need to ensure that you have the correct number of EC2 instances available to handle the load for your application. Which AWS service should you use? Auto Scaling Elastic Load Balancer Route53 Application Load Balancer
Auto Scaling
Which of the following are components of Auto Scaling? Security Group Auto Scaling Group Resource Group Launch Configuration Auto Scaling Policy
Auto Scaling Group Launch Configuration Auto Scaling Policy
Which of the following AWS services are free to use? Elastic Beanstalk EC2 VPC Route53 EBS S3 Auto-Scaling RDS CloudFormation IAM
Auto-Scaling Elastic Beanstalk IAM CloudFormation VPC
Which AWS Load Balancer service uses a Least Outstanding Requests load distribution for HTTP requests?
Classic Load Balancer
Which of the following services helps you to faster deliver your content to your customers? CloudFront S3 Amazon Elastic File System Elastic Block Store
CloudFront
True or False: For IaaS resources, Users are responsible for the security of everything above the hypervisor layer.
True
Which of the following are components of the AWS Risk and Compliance Program? Risk Management Information Security Physical Security Identity and Access Management Security Principles Control Environment Environment Automation
Control Environment Information Security Risk Management
Which of the following are principles of sound design when it comes to performance efficiency? Mechanical empathy Have your IT staff master all new technologies. Use Serverless architectures. Deploy into multiple Regions to go global in minutes. Democratize advanced technologies.
Deploy into multiple Regions to go global in minutes. Use Serverless architectures. Democrative advanced technologies.
Which of the following support plans feature access to AWS support via email only during business hours ?
Developer
Which of the following is not a compute service? Elastic Beanstalk EC2 Lambda Elastic Block Store
Elastic Block Store
Which of the following best describes the ability to scale computing resources up or down easily, while only paying for the resources used? High Availability Fault-tolerance Scalability Elasticity
Elasticity
How would a system administrator add an additional layer of login security to a user's AWS Management Console? Use AWS Cloud Directory Audit AWS Identity and Access Management (IAM) roles Enable Multi-Factor Authentication Enable AWS CloudTrail
Enable Multi-Factor Authentication
Under the shared responsibility model, which of the following is the customer responsible for? Ensuring that disk drives are wiped after use. Ensuring that firmware is updated on hardware devices. Ensuring that data is encrypted at rest. Ensuring that network cables are category six or higher
Ensuring that data is encrypted at rest.
True or False: Authentication determines which AWS services a user has access to, and Authorization allows a user access to AWS the overall AWS environment.
False
True or False: By default, all data stored in S3 is viewable by the public.
False
True or False: It's safer to use Access Keys than it is to use IAM roles.
False
True or False: For a fixed monthly rate, you can choose detailed, once-a-minute monitoring of your EC2 instances.
True
True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring.
False (Only AWS Shield Advanced offers automated application layer monitoring.)
True or False: To complete the process of creating a Multi-AZ RDS instance, you must copy the primary instance to a public subnet in a second Availability Zone.
False (To complete the process of creating a Multi-AZ RDS instance, you must copy the primary instance to a private subnet. AWS generates a standby, and transactions are synchronously replicated.)
True or False: For IaaS resources, AWS is responsible for the security of everything above the hypervisor layer.
False (Users are responsible for the security of their resources in the AWS cloud including the os, patching and apps.)
True or False: It's best practice not to use IAM Roles for applications that run on EC2 instances.
False (roles should always be used)
You are using your corporate directory to grant your users access to AWS services. What is this called?
Federated Access
A software development team needs to create numerous testing environments each day based on multiple concurrent project activities. Provisioning of these environments needs to happen within minutes to ensure that project deadlines are met. The number of environments needed daily varies depending shifting priorities in business requirements. How can the team best achieve the agility they need for creating the testing environments? Leverage AWS Auto Scaling to expand and contract the testing server pool based on demand Use AWS Systems Manager Automation to provision and de-provision the testing environments Invoke AWS Lambda functions to run the test scenarios Have AWS CloudFormation provision the stacks and resources needed for the testing environments
Have AWS CloudFormation provision the stacks and resources needed for the testing environments
A purchasing department staff member is setup as an AWS user in the company's procurement AWS account. At each month-end, the staff member needs access to an application running on EC2 in the company's accounts payable AWS account to reconcile reports. Which of the following provides the most secure and operationally efficient way to give the staff member access to the accounts payable application? Create a user for the staff member in the accounts payable AWS account Have the user request temporary security credentials for the application by assuming a role Configure Active Directory integration so that you can federate the staff member's access to the accounts payable AWS account Invoke an AWS Lambda function to run the application in the accounts payable AWS account
Have the user request temporary security credentials for the application by assuming a role
Which of the following best describes a system that is always available — without the need for human intervention?
Highly Available
Your company has updated its security policies to include cloud workloads as well as those running on-premises. Your manager would like a report of which technologies will require configuration changes. Which of the following will not be included in the report because they are the responsibility of AWS? Amazon Aurora data encryption Host operating systems S3 Access Control Lists Security Group firewalls
Host operating systems
Which of the following AWS services controls Authentication and Authorization within an AWS account? Access Control Lists AWS Shield Security Groups IAM
IAM
Which of the following are components of the Security Pillar of the AWS Well-Architected Framework?
IAM Detective Controls Infrastructure protection
Which of the following are principles of sound cloud design? Disposable resources Assume *everything* will fail. Limit the number of 3rd-party services. Infrastructure as code Tightly-coupled components Treat your servers like pets, not cattle. Scalability
Infrastructure as code Assume *everything* will fail Scalability Disposable resources
Which AWS service allows you to run code without having to worry about provisioning any underlying resources (such as virtual machines, databases etc.)
Lambda
Which of the following is AWS' event-driven, serverless compute service? Lambda Elastic Beanstalk Lightsail EC2
Lambda
You have a variable and intermittent workload, so you want to use a compute service that allows you to pay only for the compute resources you use, without paying for compute time when your code isn't running. Which of the following services should you use? Lambda ECS Lightsail EC2
Lambda
An online education company has customers on four continents. They need to run software functions to customize offerings for students in various locations around the globe based on parameters that each student enters. Which AWS service will provide this capability with the highest performance efficiency?
Lambda@Edge
Which of the following compute services is ideal if you need to run a simple website or a simple e-commerce application? Lambda EC2 Lightsail Elastic Beanstalk
Lightsail
Which of the following is AWS's responsibility under the AWS shared responsibility model? Configuring third-party applications Maintaining physical hardware Securing application access and data Managing custom Amazon Machine Images (AMIs)
Maintaining physical hardware
A mobile shopping list app needs to be able to add, delete, and update items on specific lists anytime a user desires. The backend for the app will run on Amazon EC2 instances with Auto Scaling to manage fluctuations in user demand. Many times, a user will perform maintenance on many list items in a single session. What design characteristic must be incorporated into the app for these requirements to be met? Implement session affinity Make sure the app doesn't need knowledge of previous transactions Leverage load balancing to distribute transactions to multiple nodes Use bootstrapping on the EC2 instances
Make sure the app doesn't need knowledge of previous transactions
With RDS, read-replicas are available for which of the following? MySQL Aurora Oracle MS SQLServer PostgreSQL MariaDB
MySQL Aurora Oracle PostgreSQL MariaDB
AWS VPC is a component of which of the following overall services categories?
Networking and Content Delivery
Which of the following are payment options for Reserved Instances? DURI PURI NURI AURI MURI
PURI NURI AURI (NAP)
Which of the following is a Shared Control of the AWS Shared Responsibility Model?
Patch Management
When considering the security of and AWS EC2 instance, which of the below are Users responsible for? Patching and maintenance of server hardware Physical and Environmental controls Patching and maintenance of OS & Applications Security Configuration
Patching and maintenance of OS & Applications Security Configuration
Amazon Lightsail is an example of which of the following? PaaS, FaaS, IaaS, Saas
Platform as a Service
An EC2 instance in your VPC needs which of the following for the Internet Gateway to route its traffic to the Internet? Public IP address Private IP address C-Name A-Namw
Public IP address
What happens when an RDS Master database in a Multi-AZ deployment goes down? The asynchronous replication of RDS Multi-AZ deployments means you will suffer some data loss. RDS automatically fails over to the standby, which is promoted to Master. You must use the AWS console to promote the standby to Master. You must copy the attached EBS volume to the standby.
RDS automatically fails over to the standby, which is promoted to Master.
Which of the following AWS services allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.
Redshift
You need to store a collection of objects that can also be accessed from a different AWS Region. Which service should you use to do this? DynamoDB EBS S3 Elastic Container Service
S3
Which of the following are programmatic access types enabling users to interact with AWS services? SDK API CLI PHP
SDK API CLI
You need to find an item in a DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use?
Scan
For which of the following categories does AWS Trusted Advisor provide best practices and/or or checks of your AWS environment? Security Performance Availability of AWS resources Cost Optimization Right-size Fault Tolerance High-Availability
Security Performance Cost Optimization Fault Tolerance
Which of the following acts like built-in firewalls for your virtual servers? Availability Zones Route Tables Security Groups Network Access Control Lists
Security Groups
Which of the following are principles of sound design when it comes to reliability? Manage change at the individual resource level. When in doubt, over-provision. Stop guessing about your capacity requirements. Scale horizontally.
Stop guessing about your capacity requirements. Scale horizontally.
Common use cases for Amazon S3 include ________.
Storing application assets. Static web hosting.
A telecommunications company has his hired you as a consultant to develop a business case for moving its IT applications and infrastructure to AWS. The company's leadership understands the agility value of the cloud, but the finance group is not interested in shifting capital expense to operating expense due to the company's tax structure. What will you include in the business case to attempt to satisfy everyone at the company?
Suggest that the company make reserved instance purchases and capitalize them
I can interact with Glacier using ________.
The Java or .NET SDKs The AWS CLI Amazon S3 Lifecycle Policies The RESTful Glacier web service
With AWS Relational Database Service (RDS), you are responsible for which of the following? Scaling Operating system installation and patching Database backups The optimization of your application using RDS Database software installation and patching
The optimization of your application using RDS
In which order is a user granted access to AWS services? The user is Authorized, then Authenticated. The user is Authenticated, then Authorized to use AWS services.
The user is Authenticated, then Authorized to use AWS services.
True or False: A Distribution is what we call a series of Edge Locations that make up CDN.
True
True or False: AWS is responsible for the security of managed Foundation Services, such as Amazon RDS.
True
True or False: Customer responsibility for the security of services in the cloud vary by service.
True (AWS is responsible for the security of their Managed Services, and the customer is responsible for the security of applications running on services such as EC2.)
Which of the following are components of IAM? Users Roles Authenticator Permissions Groups Authorizer Access controls
Users Roles Permissions Groups
Which of the following features of an Amazon VPC can only exist in one Availability Zones at a time? a Subnet a Route Table None of these a Security Group
a Subnet
