AWS Practitioner
Which AWS service provides alerts when an AWS event may impact a company's AWS resources? · A. AWS Personal Health Dashboard · B. AWS Service Health Dashboard · C. AWS Trusted Advisor · D. AWS Infrastructure Event Management
A "AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you." Incorrect answers: While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources."
Which allows companies to track and categorize spending on a detailed level? · A. Cost allocation tags · B. Consolidated billing · C. AWS Budgets · D. AWS Marketplace
A "After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs"
Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links? · A. Availability Zone · B. Edge location · C. Region · D. Private networking
A "An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region."
Which of the following is an advantage of consolidated billing on AWS? · A. Volume pricing qualification · B. Shared access permissions · C. Multiple bills per account · D. Eliminates the need for tagging
A "If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts."
Which AWS service allows companies to connect an Amazon VPC to an on-premises data center? · A. AWS VPN · B. Amazon Redshift · C. API Gateway · D. Amazon Connect
A There are two ways to connect on-premises to cloud. Over internet using VPN connection Over physical fiber cable using DirectConnect "AWS Virtual Private Network (VPN) solutions establish secure connections via the public internet between your on-premises networks, remote offices, client devices, and the AWS global network." Incorrect answers: --D--This is not Amazon DirectConnect. Amazon Connect is a different service entirely. Amazon Connect is an easy to use omnichannel cloud contact center that helps you provide superior customer service at a lower cost.
Which AWS services can host a Microsoft SQL Server database?(choose two) · A. Amazon EC2 · B. Amazon Relational Database Service (Amazon RDS) · C. Amazon Aurora · D. Amazon Redshift · E. Amazon S3
A, B EC2 can run any database RDS can use Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and Microsoft SQL Server. --INCORRECT ANSWERS— Aurora only supports MySql and PostgreSQL
Which services can be used across hybrid AWS Cloud architectures? (Choose two.) · A. Amazon Route 53 · B. Virtual Private Gateway · C. Classic Load Balancer · D. Auto Scaling · E. Amazon CloudWatch default metrics
A, B Route 53: Inbound query capability is provided by Route 53 Resolver Endpoints, allowing DNS queries that originate on-premises to resolve AWS hosted domains. Virtual Private Gateway: Its the anchor of a VPN connection on AWS side. This making it possible for a VPN connection to be established between AWS and on premises. --INCORRECT ANSWERS— --CloudWatch can be used for on-premise metrics or AWS metrics, however it is not used across the hybrid architecture --Application load balancers may be suitable but not classic load balancers
Which of the following are categories of AWS Trusted Advisor? (Choose two.) · A. Fault Tolerance · B. Instance Usage · C. Infrastructure · D. Performance · E. Storage Capacity
A, D "Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits."
Where can AWS compliance and certification reports be downloaded?[MC1] · A. AWS Artifact · B. AWS Concierge · C. AWS Certificate Manager · D. AWS Trusted Advisor
A "AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS's security and compliance reports and select online agreements."
A company wants to reduce the physical compute footprint that developers use to run code. Which service would meet that need by enabling serverless architectures? · A. Amazon Elastic Compute Cloud (Amazon EC2) · B. AWS Lambda · C. Amazon DynamoDB · D. AWS CodeCommit
B "AWS Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time that you consume—there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service, all with zero administration. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging."
Under the shared responsibility model, which of the following is the customer responsible for? · A. Ensuring that disk drives are wiped after use. · B. Ensuring that firmware is updated on hardware devices. · C. Ensuring that data is encrypted at rest. · D. Ensuring that network cables are category six or higher.
C "Data configuration (i.e. encrypting data at rest and in transit) is responsibility of the customer"
Which is a recommended pattern for designing a highly available architecture on AWS? · A. Ensure that components have low-latency network connectivity. · B. Run enough Amazon EC2 instances to operate at peak load. · C. Ensure that the application is designed to accommodate failure of any single component. · D. Use a monolithic application that handles all operations.
C Highly available systems are reliable in the sense that they continue operating even when critical components fail. They are also resilient, meaning that they are able to simply handle failure without service disruption or data loss, and seamlessly recover from such failure.
Which AWS service can be used to manually launch instances based on resource requirements? · A. Amazon EBS · B. Amazon S3 · C. Amazon EC2 · D. Amazon ECS
C Keyword is instances. "Customer can launch from a huge variety of EC2 instance types depending on exactly what they require, e.g. OS, RAM, storage space, security controls, etc..."
1. Which AWS service provides the ability to manage infrastructure as code? · A. AWS CodePipeline · B. AWS CodeDeploy · C. AWS Direct Connect · D. AWS CloudFormation
D "AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This file serves as the single source of truth for your cloud environment."
What technology enables compute capacity to adjust as loads change? · A. Load balancing · B. Automatic failover · C. Round robin · D. Auto Scaling
D "Load balancers distribute workloads across several instances , it only distribute to instances available (it doesn't add or change) but with auto scaling when the traffic gets too high it automatically add more instances to handle the traffic and vice versa"
Which of the following is a shared control between the customer and AWS? · A. Providing a key for Amazon S3 client-side encryption · B. Configuration of an Amazon EC2 instance · C. Environmental controls of physical AWS data centers · D. Awareness and training
D AWS trains AWS employees, but a customer must train their own employees.
Which of the following is a benefit of using the AWS Cloud? · A. Permissive security removes the administrative burden. · B. Ability to focus on revenue-generating activities. · C. Control over cloud network hardware. · D. Choice of specific cloud hardware vendors.
B "AWS does the heavy lifting of data center operations like racking, stacking, and powering servers. It also removes the operational burden of managing operating systems and applications with managed services. This allows you to focus on your customers and business projects rather than on IT infrastructure."
Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases? · A. Enterprise · B. Business · C. Developer · D. Basic
B Enterprise: As little as 15 mins Business: As little as 1 hour Developer: As little as 12 hours Notes: These times are for the most urgent cases for each support level. See (https://aws.amazon.com/premiumsupport/plans/) for more information.
Which of the following is a fast and reliable NoSQL database service? · A. Amazon Redshift · B. Amazon RDS · C. Amazon DynamoDB · D. Amazon S3
C "Amazon DynamoDB is a fast and flexible NoSQL database service for any scale. It is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multiregion, multimaster, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications"
If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use? · A. AWS Config · B. AWS Trusted Advisor · C. Amazon CloudWatch · D. Amazon Inspector
A "AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting." Incorrect Answers: --B-- AWS Trusted Advisor : best practice assessments, wrong. --C-- Amazon CloudWatch : performance monitoring, wrong. --D-- Amazon Inspector : automated security assessments, wrong.
A customer needs to run a MySQL database that easily scales. Which AWS service should they use? · A. Amazon Aurora · B. Amazon Redshift · C. Amazon DynamoDB · D. Amazon ElastiCache
A "Amazon Aurora supports MySQL and will automatically grow the size of your database volume as your database storage needs grow, up to a maximum of 64 TB or a maximum you define."
Which of the following is an AWS managed Domain Name System (DNS) web service? · A. Amazon Route 53 · B. Amazon Neptune · C. Amazon SageMaker · D. Amazon Lightsail
A "Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other."
What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval? · A. Amazon S3 · B. Amazon Glacier · C. Amazon EBS · D. Amazon EC2 Instance Store
A "Amazon Simple Storage Service (Amazon S3) provides developers and IT teams secure, durable, highly scalable object storage at a very low cost. You can store and retrieve any amount of data, at any time, from anywhere on the web through a simple web service interface. You can write, read, and delete objects containing from zero to 5 TB of data. Amazon S3 is highly scalable, allowing concurrent read or write access to data by many separate clients or application threads" S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access and S3 One Zone- Infrequent Access all have millisecond first byte latency "Traffic between Amazon EC2 and Amazon S3 can leverage up to 100 Gbps of bandwidth to VPC endpoints and public IPs in the same Region." Incorrect Answers: --EBS would require constant running of an EC2 instance to achieve the same retrieval speeds. Multiple EBS volume snapshots would need to be utilised to achieve the same reliability and durability as S3. Overall the cost would be higher. --Glacier is also wrong, because it is compared to S3 ultra slow to restore your backup from there as fast data retrieval times are traded off for a lower price. --EC2 Instance store is only ideal for temporary storage, because the data stored in instance store volumes is not persistent through instance stops, terminations, or hardware failures.
Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS?[MC1] · A. AWS Marketplace · B. Amazon Lumberyard · C. AWS Artifact · D. Amazon CloudSearch
A "The AWS Marketplace enables qualified partners to market and sell their software to AWS Customers. AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS. AWS Marketplace is designed for Independent Software Vendors (ISVs), Value-Added Resellers (VARs), and Systems Integrators (SIs) who have software products they want to offer to customers in the cloud. Partners use AWS Marketplace to be up and running in days and offer their software products to customers around the world. Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in Amazon Machine Images (AMIs) and software as a service (SaaS) formats, as well as other formats. Additionally, you can browse and subscribe to data products. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL (Bring Your Own License), and get billed from one source. AWS handles billing and payments, and charges appear on customers' AWS bill."
When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)? · A. Dedicated Hosts · B. Reserved Instances · C. On-Demand Instances · D. No Upfront Reserved Instances
A "Use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server, and you can reliably use the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses like Windows Server and address corporate compliance and regulatory requirements."
What approach to transcoding a large number of individual video files adheres to AWS architecture principles? · A. Using many instances in parallel · B. Using a single large instance during off-peak hours · C. Using dedicated hardware · D. Using a large GPU instance type
A A is correct because it is aligned with the reliability Design Principles and Best Practices of scaling horizontally. "Reliability Design Principles and Best Practices ... Scale horizontally: to increase aggregate workload availability. Replace one large resource with multiple small resources to reduce the impact of a single failure on the overall workload. Distribute requests across multiple, smaller resources to ensure that they don't share a common point of failure."
How would an AWS customer easily apply common access controls to a large set of users? · A. Apply an IAM policy to an IAM group. · B. Apply an IAM policy to an IAM role. · C. Apply the same IAM policy to all IAM users with access to the same workload. · D. Apply an IAM policy to an Amazon Cognito user pool.
A Instead of defining permissions for individual IAM users, it's usually more convenient to: --create IAM groups that relate to job functions (administrators, developers, accounting, etc.). --Next, define the relevant permissions for each group. --Assign IAM users to those groups. --All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. --As people move around in your company, you can simply change what IAM group their IAM user belongs to. Notes: --User: Permanent named operator (human or machine) --Group: Collection of users --Role: Authentication method, not permissions. A role is an operator (human or machine). Credentials are temporary --Policy docs: Permissions attached to any of the previous 3. Lists specific APIs that are allowed.
Which of the following AWS Cloud services can be used to run a customer-managed relational database? · A. Amazon EC2 · B. Amazon Route 53 · C. Amazon ElastiCache · D. Amazon DynamoDB
A Key phrase is 'customer-managed' EC2 can be used to run a relational database on whatever operating system the EC2 instance is using e.g. Microsoft SQL Server running on Microsoft Windows Server 2016. Incorrect Answers: --DynamoDB is NOSQL type, not a relational database and so is not a correct answer --Route 53 is a DNS service, nothing related to databases --Elasticache relates to in-memory data stores in the cloud, not really to do with databases at all
The financial benefits of using AWS are: (Choose two.) · A. reduced Total Cost of Ownership (TCO). · B. increased capital expenditure (capex). · C. reduced operational expenditure (opex). · D. deferred payment plans for startups. · E. business credit lines for startups.
A, C "CapEx (capital expenditure) is defined as business expenses incurred in order to create long-term benefits in the future, such as purchasing fixed assets like a building or equipment. Some examples of IT items that fall under this category would be whole systems and servers, printers and scanners, or air conditioners and generators. You buy these items once and they benefit your business for many, many years. Maintenance of such items is also considered CapEx, as it extends their lifetime and usefulness. Capex can also be defined as Total Cost of Ownership (TCO). OpEx (operating expenditure), the expenses to run day-to-day business, like services and consumable items that get used up and are paid for according to use. This includes printer cartridges and paper, electricity, and even yearly services like website hosting or domain registrations. These things are necessary for your business's success but are not considered major long-term investments like CapEx items. The cloud allows you to trade high initial CapEx (such as data centers and physical servers) for a variable OpEx model, and only pay for IT as you consume it. Plus, the variable OpEx expenses are much lower than what you would pay to do it yourself because of the massive economies of scale that AWS has created." --A-- TCO is reduced to zero with AWS because you do no purchase any hardward, building space, etc... Your initial investment is basically £0 --C-- When you start using AWS your OpEx actually reduces because AWS allows for elasticity, so you pay for what you use, unlike if you have to use own resources where your OpEx never reduces. Also because of the huge economies of scale that AWS employs, you will benefit from lower OpEx because AWS will make savings through this, which are passed onto the customer.
A customer is deploying a new application and needs to choose an AWS Region. Which of the following factors could influence the customer's decision? (Choose two.) · A. Reduced latency to users · B. The application's presentation in the local language · C. Data sovereignty compliance · D. Cooling costs in hotter climates · E. Proximity to the customer's office for on-site visits
A, C -- Costs of the AWS Services can be different for each region because the cost, taxes, manpower, etc for the physical infrastructure and data centers are different from Region to Region. --Latency depends on physical location. When your application is being accessed by your users, it should be blazing fast. So you need to identify the locations of your target audience and choose the region having a smaller latency for your customers. --Data sovereignty compliance differs across the nations of the world. Considerations will need to be taken when using AWS in an unfamiliar location. --Most of the AWS Services and features are Region dependent, and just a few ones are Region independent. Also, sometimes it happens that some services are not available in all the regions
Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Choose two.) · A. Ensuring that application data is encrypted at rest · B. Ensuring that AWS NTP servers are set to the correct time · C. Ensuring that users have received security training in the use of AWS services · D. Ensuring that access to data centers is restricted · E. Ensuring that hardware is disposed of properly
A, C --A-- "The customer: --assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. --should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. --is responsible for data configuration (i.e. encrypting data at rest and in transit)" --C-- "Shared Controls - Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: --Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. --Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. --Awareness & Training - AWS trains AWS employees, but a customer must train their own employees."
Which of the following are valid ways for a customer to interact with AWS services? (Choose two.) · A. Command line interface · B. On-premises · C. Software Development Kits · D. Software-as-a-service · E. Hybrid
A, C There are three ways to interact with AWS Services: --AWS Management Console - Graphical interface to access AWS features) --Command Line Interface (CLI) - Lets you control AWS services from command line --Software Development Kits (SDK) - Enable you to access AWS using a variety of popular programming languages
What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)? (choose three) · A. It simplifies relational database administration tasks. · B. It provides 99.99999999999% reliability and durability. · C. It automatically scales databases for loads. · D. It enabled users to dynamically adjust CPU and RAM resources.
A, C, D A - RDS makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks, such as, hardware provisioning, database setup, patching and backups. C - Amazon RDS now supports Storage Auto Scaling D - You can scale the compute and memory resources powering your deployment up or down, up to a maximum of 32 vCPUs and 244 GiB of RAM. Compute scaling operations typically complete in a few minutes. Incorrect answers: B - is S3 reliability and durability figures
Which AWS services are defined as global instead of regional? (Choose two.) · A. Amazon Route 53 · B. Amazon EC2 · C. Amazon S3 · D. Amazon CloudFront · E. Amazon DynamoDB
A, D --A— "Using a global anycast network of DNS servers around the world, Amazon Route 53 is designed to automatically route your users to the optimal location depending on network conditions. As a result, the service offers low query latency for your end users, as well as low update latency for your DNS record management needs." --D-- "Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment." Incorrect answers: S3 - Has a global reach but data is stored regionally. S3 buckets are created within the selected region. Objects stored are replicated across Availability Zones to provide high durability but are not cross region replicated unless done explicitly.
Which of the following are advantages of AWS consolidated billing? (Choose two.) · A. The ability to receive one bill for multiple accounts · B. Service limits increasing by default in all accounts · C. A fixed discount on the monthly bill · D. Potential volume discounts, as usage in all accounts is combined · E. The automatic extension of the master account's AWS support plan to all accounts
A, D AWS Organizations is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage. Allows you to: --programmatically create new AWS accounts and allocate resources --group accounts to organize your workflows --apply policies to accounts or groups for governance --define central configurations and audit requirements --simplify billing by centralising it and using a single payment method for all of your account. These account management and consolidated billing capabilities enable you to better meet the budgetary, security, and compliance needs of your business. --control access, manage compliance, coordinate security mechanisms (including restricting the AWS services, resources, and individual API actions accessible by specific users, groups and roles) --share resources across your AWS accounts. --combine usage from all accounts in the organization to qualify you for volume pricing discounts. If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. Incorrect answers: AWS Support plans on the master account of an organization do not automatically apply to member accounts in the organization
Which service should a customer use to consolidate and centrally manage multiple AWS accounts? · A. AWS IAM · B. AWS Organizations · C. AWS Schema Conversion Tool · D. AWS Config
B "AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization. Allows you to: --programmatically create new AWS accounts and allocate resources --group accounts to organize your workflows --apply policies to accounts or groups for governance --define central configurations and audit requirements --simplify billing by centralising it and using a single payment method for all of your account. These account management and consolidated billing capabilities enable you to better meet the budgetary, security, and compliance needs of your business. --control access, manage compliance, coordinate security mechanisms (including restricting the AWS services, resources, and individual API actions accessible by specific users, groups and roles) --share resources across your AWS accounts. --combine usage from all accounts in the organization to qualify you for volume pricing discounts. If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization."
Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance? · A. AWS Cost Explorer · B. AWS Trusted Advisor · C. Consolidated billing · D. Detailed billing
B "AWS Trusted Advisor is an application that draws upon best practices learned from AWS' aggregated operational history of serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps."
Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)? · A. IAM group · B. IAM user · C. IAM role · D. IAM policy
B "Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK)." Incorrect Answers: --IAM policies don't have access keys. The only way you will ever get an Access key is to create them from an IAM user to use.
What is Amazon CloudWatch? · A. A code repository with customizable build and team commit features. · B. A metrics repository with customizable notification thresholds and channels. · C. A security configuration repository with threat analytics. · D. A rule repository of a web application firewall with automated vulnerability prevention features.
B "Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers." Notes: If question mentions metrics then CloudWatch is likely the answer. If question mentions APIs then the answer is likely CloudTrail
Which AWS service should be used for long-term, low-cost storage of data backups? · A. Amazon RDS · B. Amazon Glacier · C. AWS Snowball · D. AWS EBS
B "Amazon S3 Glacier is a secure, durable, and low-cost storage class of S3 for data archiving and long-term backup. Customers can store large or small amounts of data for as little as $0.004 per gigabyte per month. The S3 Glacier storage class is ideal for archives where data is regularly retrieved and some of the data may be needed in minutes." Incorrect Answers: Amazon RDS is a relational database service that hosts databases. It helps you create and manage databases. Amazon Snowball is a petabyte-scale data transfer service that provides cost efficient data transfer to AWS from tamper proof physical devices. Elastic block storage offers persistent block storage volumes for EC2 instances.
Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance? · A. Amazon Elastic Block Store (Amazon EBS) · B. Amazon Machine Image · C. Amazon EC2 Systems Manager · D. Amazon AppStream 2.0
B "An Amazon Machine Image is a special type of virtual appliance that is used to create a virtual machine within the Amazon Elastic Compute Cloud. It serves as the basic unit of deployment for services delivered using EC2." "An Amazon Machine Image (AMI) provides the information required to launch an instance. You must specify an AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration. You can use different AMIs to launch instances when you need instances with different configurations."
Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs? · A. Amazon CloudWatch · B. AWS CloudTrail · C. AWS Config · D. AWS Health
B "CloudTrail - Track user activity and API usage. Helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs." --INCORRECT ANSWERS— --CloudWatch Logs - reports on application logs. --CloudWatch Events - is a near real time stream of system events describing changes to your AWS resources. --AWS Health - provides ongoing visibility into your resource performance and the availability of your AWS services and accounts. You can use AWS Health events to learn how service and resource changes might affect your applications running on AWS. AWS Health provides relevant and timely information to help you manage events in progress. AWS Health also helps you be aware of and to prepare for planned activities. The service delivers alerts and notifications triggered by changes in the health of AWS resources, so that you get near-instant event visibility and guidance to help accelerate troubleshooting.
Which statement best describes Elastic Load Balancing? · A. It translates a domain name into an IP address using DNS. · B. It distributes incoming application traffic across one or more Amazon EC2 instances. · C. It collects metrics on connected Amazon EC2 instances. · D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic.
B "Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers four types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant. Elastic Load Balancing scales with web traffic." Incorrect answers: --D-- This is related to AutoScaling and not Load Balancing
Which AWS IAM feature allows developers to access AWS services through the AWS CLI? · A. API keys · B. Access keys · C. User names/Passwords · D. SSH keys
B "IAM users can be assigned an access key ID and secret access key for programmatic access to the AWS API (Application Programme Interface), CLI (Command Line Interface), SDK (Software Development Kit), and other development tools. Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don't have access keys, you can create them from the AWS Management Console. The only time that you can view or download the secret access key is when you create the keys. You cannot recover them later. However, you can create new access keys at any time." Incorrect Answers: --D--SSH keys is needed to direct connect and login into an EC2 instance and not to access AWS services. SSH is not required to use AWS CLI.
According to best practices, how should an application be designed to run in the AWS Cloud? · A. Use tightly coupled components. · B. Use loosely coupled components. · C. Use infrequently coupled components. · D. Use frequently coupled components.
B "Loose coupling - As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components."
How many Availability Zones should compute resources be provisioned across to achieve high availability? · A. A minimum of one · B. A minimum of two · C. A minimum of three · D. A minimum of four or more
B "Most providers of real-time communications align with service levels that provide availability from 99.9% to 99.999%. Depending on the degree of high availability (HA) that you want, you must take increasingly sophisticated measures along the full lifecycle of the application. We recommend following these guidelines to achieve a robust degree of high availability: --Design the system to have no single point of failure. Use automated monitoring, failure detection, and failover mechanisms for both stateless and stateful components --Single points of failure (SPOF) are commonly eliminated with an N+1 or 2N redundancy configuration, where N+1 is achieved via load balancing among active-active nodes, and 2N is achieved by a pair of nodes in active-standby configuration. --AWS has several methods for achieving HA through both approaches, such as through a scalable, load balanced cluster or assuming an active-standby pair. --Correctly instrument and test system availability. --Prepare operating procedures for manual mechanisms to respond to, mitigate, and recover from the failure.
Under the shared responsibility model, which of the following is a shared control between a customer and AWS? · A. Physical controls · B. Patch management · C. Zone security · D. Data center auditing
B "Shared Controls: --Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: --Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. --Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. --Awareness & Training - AWS trains AWS employees, but a customer must train their own employees."
Which feature of the AWS Cloud will support an international company's requirement for low latency to all of its customers? · A. Fault tolerance · B. Global reach · C. Pay-as-you-go pricing · D. High availability
B "The AWS Global Infrastructure is built for performance. AWS Regions offer low latency, low packet loss, and high overall network quality. This is achieved with a fully redundant 100 GbE fiber network backbone, often providing many terabits of capacity between Regions. AWS Local Zones and AWS Wavelength, with our telco providers, provide performance for applications that require single-digit millisecond latencies by delivering AWS infrastructure and services closer to end-users and 5G connected devices. Whatever your application needs, you can quickly spin up resources as you need them, deploying hundreds or even thousands of servers in minutes." Incorrect Answers: --Higher availability - this question isn't related to availability, as the resources for higher availability are triggered only during a failure.
What is the AWS customer responsible for according to the AWS shared responsibility model? · A. Physical access controls · B. Data encryption · C. Secure disposal of storage devices · D. Environmental risk management
B "The customer: --assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. --should carefully consider the services they choose as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations. --is responsible for data configuration (i.e. encrypting data at rest and in transit)"
Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts? · A. AWS Server Migration Service · B. AWS Organizations · C. AWS Budgets · D. AWS Trusted Advisor · E. Amazon Quicksight · F. Amazon Forecast
B "Use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts. Every organization in AWS Organizations has a master account that pays the charges of all the member accounts. Consolidated billing has the following benefits: One bill - You get one bill for multiple accounts. Easy tracking - You can track the charges across multiple accounts and download the combined cost and usage data. Combined usage - You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts. No extra fee - Consolidated billing is offered at no additional cost."
For which auditing process does AWS have sole responsibility? · A. AWS IAM policies · B. Physical security · C. Amazon S3 bucket policies · D. AWS CloudTrail Logs
B AWS responsibility "Security of the Cloud" - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the physical hardware, software, networking, and facilities that run AWS Cloud services.
Which of the following services will automatically scale with an expected increase in web traffic? · A. AWS CodePipeline · B. Elastic Load Balancing · C. Amazon EBS · D. AWS Direct Connect
B Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers four types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant. Incorrect answers: --A & C -- has nothing to do with web traffic --D-- Direct Connect is a network connection, which is more about just enabling private network traffic between AWS and an on-premises location in the first place
The AWS Cloud's multiple Regions are an example of: · A. agility. · B. global infrastructure. · C. elasticity. · D. pay-as-you-go pricing.
B Global infrastructure > Regions > Availability Zones "The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally. Whether you need to deploy your application workloads across the globe in a single click, or you want to build and deploy specific applications closer to your end-users with single-digit millisecond latency, AWS provides you the cloud infrastructure where and when you need it. With millions of active customers and tens of thousands of partners globally, AWS has the largest and most dynamic ecosystem. Customers across virtually every industry and of every size, including start-ups, enterprises, and public sector organizations, are running every imaginable use case on AWS 25 regions 80 availability zones 230+ points of presence"
Which of the following is an AWS Cloud architecture design principle?[MC1] · A. Implement single points of failure. · B. Implement loose coupling. · C. Implement monolithic design. · D. Implement vertical scaling.
B Loose coupling is a part of the 'Reliability Design Principles and Best Practices' "In computing and systems design a loosely coupled system is one in which each of its components has, or makes use of, little or no knowledge of the definitions of other separate components. Subareas include the coupling of classes, interfaces, data, and services. ... Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. This approach decouples the two components and introduces additional resiliency. So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers."
1Which of the following steps should be taken by a customer when conducting penetration testing on an AWS ? · A. Conduct penetration testing using Amazon Inspector, and then notify AWS support. · B. Request and wait for approval from the customer's internal security team, and then conduct testing. · C. Notify AWS support, and then conduct testing immediately. · D. Request and wait for approval from AWS support, and then conduct testing.
B No need prior approval from AWS for below services. Once approval received from internal security team the testing can go ahead (as long as the service is on this list, otherwise see 'Notes' section below) ====== "Permitted Services." ====== Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers Amazon RDS Amazon CloudFront Amazon Aurora Amazon API Gateways AWS Lambda and Lambda Edge functions Amazon Lightsail resources Amazon Elastic Beanstalk environments ======== "AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 "Permitted Services". Please ensure that these activities are aligned with the policy set out below. Note: Customers are not permitted to conduct any security assessments of AWS infrastructure, or the AWS services themselves. If you discover a security issue within any AWS services in the course of your security assessment, please contact AWS Security immediately. If AWS receives an abuse report for activities related to your security testing, we will forward it to you. When responding, please provide the root cause of the reported activity, and detail what you've done to prevent the reported issue from recurring. Learn more here. Resellers of AWS services are responsible for their customer's security testing activity." Notes: Requesting Authorization for Other Simulated Events - Please submit a Simulated Events form to contact us directly. Be sure to include dates, accounts involved, assets involved, and contact information, including phone number and detailed description of planned events. You should expect to receive a non-automated response to your initial contact within 2 business days confirming receipt of your request.
Which of the following is a correct relationship between regions, Availability Zones, and edge locations? · A. Data centers contain regions. · B. Regions contain Availability Zones. · C. Availability Zones contain edge locations. · D. Edge locations contain regions.
B Region is a geographical area that has two or more Availability Zones. Each Region is completely independent. Availability Zone (AZ) is an area with either one or more discrete Data Centres (building filled with servers), each with redundant power, networking, and connectivity, housed in separate facilities. If there are more than one data centre, they are counted as one AZ because they are located close together. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links. --NOTES-- --Edge Locations are endpoints used for caching content. They are located in most of the major cities around the world and are specifically used by CloudFront to distribute AWS content closer to end-users to reduce latency.
A characteristic of edge locations is that they: · A. host Amazon EC2 instances closer to users. · B. help lower latency and improve performance for users. · C. cache frequently changing data without reaching the origin server. · D. refresh data changes daily.
B The edge locations help to improve performance for your users while lowering the operational burden and cost of scaling your origin resources. "Edge Locations are endpoints used for caching content. They are located in most of the major cities around the world and are specifically used by CloudFront to distribute AWS content closer to end-users to reduce latency
Which of the following services could be used to deploy an application to servers running on-premises? (Choose two.) · A. AWS Elastic Beanstalk · B. AWS OpsWorks · C. AWS CodeDeploy · D. AWS Batch · E. AWS X-Ray
B, C "AWS OpsWorks: lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments." "AWS CodeDeploy: is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers."
Which of the following security-related services does AWS offer? (Choose two.) · A. Multi-factor authentication physical tokens · B. AWS Trusted Advisor security checks · C. Data encryption · D. Automated penetration testing · E. Amazon S3 copyrighted content detection
B, C --B-- Trust Advisor gives recommendations on performance, service quotas, cost optimisation, security and fault tolerance --C-- "AWS offers you the ability to add a layer of security to your data at rest in the cloud, providing scalable and efficient encryption features. These include: --Data at rest encryption capabilities available in most AWS services, such as Amazon EBS, Amazon S3, Amazon RDS, Amazon Redshift, Amazon ElastiCache, AWS Lambda, and Amazon SageMaker --Flexible key management options, including AWS Key Management Service, that allow you to choose whether to have AWS manage the encryption keys or enable you to keep complete control over your own keys --Dedicated, hardware-based cryptographic key storage using AWS CloudHSM, allowing you to help satisfy your compliance requirements --Encrypted message queues for the transmission of sensitive data using server-side encryption (SSE) for Amazon SQS --APIs for you to integrate encryption and data protection with any of the services you develop or deploy in an AWS environment." Incorrect Answers: A is incorrect because it uses the word "Physical" which is not correct - you don't get anything physical delivered to your house with MFA - MFA is purely virtual
Which AWS tools assist with estimating costs? (Choose three.) · A. Detailed billing report · B. Cost allocation tags · C. AWS Pricing Calculator · D. AWS Total Cost of Ownership (TCO) Calculator · E. Cost Estimator
B, C, D B - To forecast your costs, use the AWS Cost Explorer. Use cost allocation tags to divide your resources into groups, and then estimate the costs for each group. C - To estimate a bill, use the AWS Pricing Calculator (formerly AWS Simply Monthly Calculator) D - AWS Total Cost of Ownership (TCO) Calculator to compare the cost of running your applications in an on-premises or colocation environment to AWS. --INCORRECT ANSWERS— E - Likely a trick to make people think of Cost Explorer, I don't think there is such a thing as 'Cost Estimator'
Under the AWS shared responsibility model, which of the following activities are the customer's responsibility? (Choose two.) · A. Patching operating system components for Amazon Relational Database Server (Amazon RDS) · B. Encrypting data on the client-side · C. Training the data center staff · D. Configuring Network Access Control Lists (ACL) · E. Maintaining environmental controls within a data center
B, D --B-- Data configuration is the responsibility of the customer (i.e. encrypting data at rest and in transit) --D-- A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. ACLs are the customer's responsibility. Notes: --You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. Security groups and ACLs are different things.
Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Choose two.) · A. AWS Storage Gateway · B. Amazon S3 · C. Amazon Elastic File System (EFS) · D. Amazon Glacier · E. Amazom CloudFront
B, E "Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront offers the most advanced security capabilities, including field level encryption and HTTPS support, seamlessly integrated with AWS Shield, AWS Web Application Firewall and Route 53 to protect against multiple types of attacks including network and application layer DDoS attacks. These services co-reside at edge networking locations - globally scaled and connected via the AWS network backbone - providing a more secure, performant, and available experience for your users. CloudFront works seamlessly with any AWS origin, such as Amazon S3, Amazon EC2, Elastic Load Balancing, or with any custom HTTP origin. You can customize your content delivery through CloudFront using the secure and programmable edge computing feature AWS Lambda@Edge."
Which AWS services should be used for read/write of constantly changing data? (Choose two.) · A. Amazon Glacier · B. Amazon RDS · C. AWS Snowball · D. Amazon Redshift · E. Amazon EFS
B, E "Data that must be updated very frequently might be best served by a storage solution with lower read/write latencies, such as Amazon EBS, Amazon RDS, Amazon EFS, Amazon DynamoDB, or relational databases running on Amazon EC2." --RDS is a managed service for relational databases like MySQL and MariaDB. Simple and fast to setup and scale. --EFS is a cloud native service for network attachable storages to mount on multiple EC2 instances. It is one of the most expensive storage options on AWS but it is a managed service, is fault tolerant and with 'Amazon EFS Infrequent Access' it is can be more affordable. Incorrect answers: Amazon Glacier is a data archiving service with relatively slow data retrieval times
Which of the following are characteristics of Amazon S3? (Choose two.) · A. A global file system · B. An object store · C. A local file store · D. A network file system · E. A durable storage system
B, E "S3 is a "global" service (available on every region however it is not truly global because while you can replicate your buckets/objects across regions for reliability & disaster recovery purposes, by default S3 objects sit only in one region though they are stored on multiple devices across multiple Availability Zones. S3 provides developers and IT teams with secure, durable, highly-scalable binary object storage. It has a simple, easy to use, web services interface to store and retrieve any amount of data from anywhere on the web. S3 is a safe Object-based storage for e.g. picture, text files, videos NOT databases, application or OS. S3 is 99.999999999% Designed for durability" --INCORRECT ANSWERS-- --It is not global because while you can replicate your buckets/objects across regions for reliability & disaster recovery purposes, by default S3 objects sit only in one region though they are stored on multiple devices across multiple Availability Zones. --Definitely not a local file store --S3 is not a file system. It's a binary object store that stores data in key-value pairs. It's essentially a type of NoSQL database. Each bucket is a new "database", with keys being your "folder path" and values being the binary objects (files). It's presented like a file system and people tend to use it like one. Underneath, however, it's not a file system at all and lacks many of the common traits of a file system.
Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Choose two.) · A. AWS Concierge · B. AWS CloudFormation · C. Amazon Simple Storage Service (Amazon S3) · D. Amazon EC2 Auto Scaling · E. AWS Management Console
B, E --B-- Cloudformation - "Speed up cloud provisioning with infrastructure as code. Gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code (IaC)." --E-- "AWS Management Console - Graphical interface to access AWS features" Incorrect answers: "Your AWS Concierge is a senior customer service agent who is assigned to your account when you subscribe to an Enterprise or qualified Reseller Support plan." - nothing to do with launching databases
1. Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses? · A. Spot Instances · B. Reserved Instances · C. Dedicated Hosts · D. On-Demand Instances
C "A Dedicated Host is a physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to your license terms), and can also help you meet compliance requirements."
A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to achieve that outcome? · A. AWS Partner Network Technology Partners · B. AWS Marketplace · C. AWS Partner Network Consulting Partners · D. AWS Service Catalogue
C "APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their journey to the cloud." --INCORRECT ANSWERS-- --APN Technology Partners provide specific solutions such as SAP, Tableau, and Infor. The question says that the company lacks of cloud expertise and the support APN Tech Partners can make is limited. APN Consulting Partners can give wider range of support in that they can provide architecturing, implementation, and so on...
Where are AWS compliance documents, such as an SOC 1 report, located? · A. Amazon Inspector · B. AWS CloudTrail · C. AWS Artifact · D. AWS Certificate Manager
C "AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA)."
What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)? · A. They require the customer to monitor and replace failing instances. · B. They have better performance than customer-managed services. · C. They simplify patching and updating underlying OSs. · D. They do not require the customer to optimize instance type or size selections.
C "AWS Managed Services takes care of all of your patching and backup activities to help keep your resources current and secure. When updates or patches are released by OS vendors, AWS Managed Services applies them in a timely and consistent manner to minimize the impact on your business Critical security patches are applied immediately, while others are applied based on the patch schedule you request. Backups of Stacks are automated using Amazon Elastic Block Store (EBS) and RDS snapshots, and can be restored in the event of a failure or outage, ensuring business continuity." (https://aws.amazon.com/managed-services/features/)
A customer is using multiple AWS accounts with separate billing. How can the customer take advantage of volume discounts with minimal impact to the AWS resources? · A. Create one global AWS acount and move all AWS resources to that account. · B. Sign up for three years of Reserved Instance pricing up front. · C. Use the consolidated billing feature from AWS Organizations. · D. Sign up for the AWS Enterprise support plan to get volume discounts.
C "AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization. Allows you to: --programmatically create new AWS accounts and allocate resources --group accounts to organize your workflows --apply policies to accounts or groups for governance --define central configurations and audit requirements --simplify billing by centralising it and using a single payment method for all of your account. These account management and consolidated billing capabilities enable you to better meet the budgetary, security, and compliance needs of your business. --control access, manage compliance, coordinate security mechanisms (including restricting the AWS services, resources, and individual API actions accessible by specific users, groups and roles) --share resources across your AWS accounts. --combine usage from all accounts in the organization to qualify you for volume pricing discounts. If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization."
Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value? · A. Dedicated RIs · B. Scheduled RIs · C. Convertible RIs · D. Standard RIs
C "Convertible RIs provide a discount and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage."
Which of the following is the customer's responsibility under the AWS shared responsibility model? · A. Patching underlying infrastructure · B. Physical security · C. Patching Amazon EC2 instances · D. Patching network infrastructure
C "Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions."
Web servers running on Amazon EC2 access a legacy application running in a corporate data center. What term would describe this model? · A. Cloud-native · B. Partner network · C. Hybrid architecture · D. Infrastructure as a service
C "Hybrid cloud - Mix of public and private cloud"
Which AWS feature will reduce the customer's total cost of ownership (TCO)? · A. Shared responsibility security model · B. Single tenancy · C. Elastic computing · D. Encryption
C "In cloud computing, elasticity is defined as "the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible. Some cloud solutions can also be automatically adjusted to meet these needs. This means you can set them up to scale up or down automatically based on certain conditions, like when your cloud solution is has too many resources of which some are being under-utilised or if you have too few resources and your solution is running out of processing power." "A core reason organizations adopt a cloud IT infrastructure is to save money. The traditional approach of analyzing Total Cost of Ownership no longer applies when you move to the cloud. Cloud services provide the opportunity for you to use only what you need and pay only for what you use. We refer to this new paradigm as the Total Cost of Operation. You can use Total Cost of Operation (TCO) analysis methodologies to compare the costs of owning a traditional data center with the costs of operating your environment using AWS Cloud services."
What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO? · A. Project management · B. Antivirus software licensing · C. Data center security · D. Software development
C "Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment. This differentiation of responsibility is commonly referred to as Security "of" the Cloud versus Security "in" the Cloud."
Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing? · A. One-year, No Upfront, Standard RI pricing · B. One-year, All Upfront, Convertible RI pricing · C. Three-year, All Upfront, Standard RI pricing · D. Three-year, No Upfront, Convertible RI pricing
C "Standard Reserved Instances provide you with a significant discount compared to On-Demand Instance pricing, and can be purchased for a 1-year or 3-year term. Customers have the flexibility to change the Availability Zone, the instance size, and networking type of their Standard Reserved Instances. Purchase Convertible Reserved Instances if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term. Convertible Reserved Instances provide you with a smaller discount compared to Standard Reserved Instances" --STANDARD RESERVED INSTANCES PRICING-- "Reserved instances savings (up to): Standard one-year --all upfront = approx. 41% --partial upfront = approx. 40% --no upfront = approx. 37% Standard three-years: --all upfront = approx. 62% --partial upfront = approx. 60% --no upfront = approx. 57%"
One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is: · A. it allows the business to eliminate IT bills. · B. it allows the business to put a server in each customer's data center. · C. it allows the business to focus on business activities. · D. it allows the business to leave servers unpatched.
C "Stop spending money running and maintaining datacenters - Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking, and powering servers."
What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas? · A. AWS Enterprise Support · B. AWS Solutions Architects · C. AWS Professional Services · D. AWS Account Managers
C "The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives. Our team provides assistance through a collection of offerings which help you achieve specific outcomes related to enterprise cloud adoption. We also deliver focused guidance through our global specialty practices, which cover a variety of solutions, technologies, and industries. In addition to working alongside our customers, we share our experience through tech talk webinars, White Papers, and blog posts that are available to anyone. "
Which AWS Cost Management tool allows you to view the most granular data about your AWS bill? · A. AWS Cost Explorer · B. AWS Budgets · C. AWS Cost and Usage report · D. AWS Billing dashboard
C "The Cost & Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice."
Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances? · A. On-Demand Instances · B. Reserved Instances · C. Spot Instances · D. Convertible Reserved Instances
C "With Spot Instances, you pay the Spot price that's in effect for the time period your instances are running. Spot Instance prices are set by Amazon EC2 and adjust gradually based on long-term trends in supply and demand for Spot Instance capacity. Spot Instances are available at a discount of up to 90% off compared to On-Demand pricing." Incorrect answers: The price per second for a running On-Demand Instance is fixed
Stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities: · A. Amazon Glacier · B. AWS Storage Gateway · C. Amazon S3 · D. Amazon EBS
C Compared to block storage, object storage is much newer. With object storage, data is bundled with customizable metadata tags and a unique identifier to form objects. The metadata tags are a key advantage with object storage — they allow for much better identification and classification of data. Example of object storage: Amazon S3 Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures. After versioning is enabled for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of those objects. Answer is NOT EBS because that stores blocks, not objects Block storage is the oldest and simplest form of data storage. Block storage stores data in fixed-sized chunks called — you guessed it — 'blocks'. By itself, a block typically only houses a portion of the data.
Which of the following security-related actions are available at no cost? · A. Calling AWS Support · B. Contacting AWS Professional Services to request a workshop · C. Accessing forums, blogs, and whitepapers · D. Attending AWS classes at a local university
C Free Basic support only provides: --Customer Service and Communities - 24x7 access to customer service, documentation, whitepapers, and support forums. --AWS Trusted Advisor - Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security. --AWS Personal Health Dashboard Incorrect answers: --A--Developer, Business, and Enterprise support levels (which are paid-for engagements) can only call AWS support --D--Attending an Aws class at a local university would likely cost money
Which task is AWS responsible for in the shared responsibility model for security and compliance? · A. Granting access to individuals and services · B. Encrypting data in transit · C. Updating Amazon EC2 host firmware · D. Updating operating systems
C Host firmware is the full responsibility of AWS as it is part of the host OS on EC2 that AWS manages "Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates." "AWS responsibility "Security of the Cloud" - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services."
Which AWS service provides a customized view of the health of specific AWS services that power a customer's workloads running on AWS? · A. AWS Service Health Dashboard · B. AWS X-Ray · C. AWS Personal Health Dashboard · D. Amazon CloudWatch
C Keyword is "customized" here. Service Health dashboard doesn't allow you to customize view. The difference between Personal and Health dashboards is that the "Service Health Dashboard" provides the "generic status of overall AWS services, whereas the "Personal Health Dashboard" provides status of services pertaining to "subscribed" AWS services. Hence the name "Personal" "(AWS) Personal Health Dashboard (PHD) - All customers can use this, it is powered by the AWS Health API. A personalized view of the health of AWS services, and alerts when your resources are impacted. It provides alerts and remediation guidance when AWS is experiencing events that may impact you. Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The dashboard requires no setup, and it's ready to use for authenticated AWS users."
Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? · A. Implement automation. · B. Design for agility. · C. Design for failure. · D. Implement elasticity.
C Using multiple-AZs removes single points of failure, which is part of design for failure (part of 'Reliability Design Principles and Best Practices') Each Availability Zone is engineered to be independent from failures in other Availability Zones. An example of a implementation designed for failure: A fleet of application servers can be distributed across multiple Availability Zones and be attached to ELB. When the EC2 instances of a particular Availability Zone fail their health checks, ELB stops sending traffic to those nodes. In addition, AWS Auto Scaling ensures that the correct number of EC2 instances are available to run your application, launching and terminating instances based on demand and defined by your scaling policies.
Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users? · A. A public and private key-pair · B. Amazon Inspector · C. AWS Identity and Access Management (IAM) policies · D. Security Groups
C You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. Incorrect answers: --A-- A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance --B-- Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS --D-- A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic.
Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Choose two.) · A. High availability · B. Shared security model · C. Elasticity · D. Pay-as-you-go pricing · E. Reliability
C, D "6 Advantages of Cloud Computing --Trade capital expense for variable expense (Pay-as-you-go model - make payment based on usage only) --Benefit from massive economies of scale --Stop guessing about capacity (i.e. elasticity makes it feasible to add/remove required resources as needed) --Increased speed and agility --Stop spending money running and maintaining data centres --Go global in minutes "
Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Choose two.) · A. Use manual monitoring. · B. Use fixed servers. · C. Implement loose coupling. · D. Rely on individual components. · E. Design for scalability.
C, E "Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. Loose coupling is a fundamental design approach, that means any one layer is not affected by another. Therefore, increased fault tolerance." "Scalability is the ability of a software system to increase workload size without application service interruption or performance impact."
A company is migrating an application that is running non-interruptible workloads for a three-year time frame. Which pricing construct would provide the MOST cost-effective solution? · A. Amazon EC2 Spot Instances · B. Amazon EC2 Dedicated Instances · C. Amazon EC2 On-Demand Instances · D. Amazon EC2 Reserved Instances
D "A Reserved Instance is a reservation of resources and capacity, for either one or three years, for a particular Availability Zone within a region. When you purchase a reservation, you commit to paying for all of the hours of the 1- or 3-year term; in exchange, the hourly rate is lowered significantly. Amazon EC2 Reserved Instances (RI) provide a significant discount (up to 72%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone. AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI." Incorrect answers: --A--Spot instances can be stopped at any time by AWS so this is not suitable --B--Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that's dedicated to a single customer. You will pay a premium for this feature and so unless it is specifically required it will not be the most economical for this reason. --C--On-demand instances will stay online constantly, with no risk of being stopped, however they are less economical than reserved instances
What is an example of agility in the AWS Cloud? · A. Access to multiple instance types · B. Access to managed services · C. Using Consolidated Billing to produce one bill · D. Decreased acquisition time for new compute resources
D "Agility is the practice of "building in" the ability to change quickly and inexpensively. The cloud not only makes these other practices practical but provides agility on its own. Infrastructure can be provisioned in minutes instead of months, and de-provisioned or changed just as quickly."
A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes. Which service should the company use? · A. Amazon Redshift · B. Amazon DynamoDB · C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store · D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)
D "Amazon Elastic Block Store (EBS) is an easy to use, high-performance, block-storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS. You can choose from different volume types to balance optimal price and performance. You can achieve single-digit-millisecond latency for high-performance database workloads or gigabyte per second throughput for large, sequential workloads. You can change volume types, tune performance, or increase volume size without disrupting your critical applications, so you have cost-effective storage when you need it." EBS volumes preserve their data through instance stops and terminations, can be easily backed up with EBS snapshots, can be removed from one instance and reattached to another, and support full-volume encryption. --INCORRECT ANSWERS-- Some Amazon Elastic Compute Cloud (Amazon EC2) instance types come with a form of directly attached, block-device storage known as the instance store. The instance store is ideal for temporary storage, because the data stored in instance store volumes is not persistent through instance stops, terminations, or hardware failures. Instance store is ephemeral in other words.
Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers? · A. Amazon S3 · B. Amazon Glacier · C. Amazon EBS · D. Amazon EFS
D "Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for Linux workloads. Throughput and IOPS scale as a file system grows and can burst to higher throughput levels for short periods of time to support the unpredictable performance needs of file workloads. For the most demanding workloads, Amazon EFS can support performance over 10 GB/sec and up to 500,000 IOPS." Incorrect Answers: S3 is durable, global, object storage, not File Storage. File Storage = EFS
Which AWS managed service is used to host databases? · A. AWS Batch · B. AWS Artifact · C. AWS Data Pipeline · D. Amazon RDS
D "Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need."
Which service provides a virtually unlimited amount of online highly durable object storage? · A. Amazon Redshift · B. Amazon Elastic File System (Amazon EFS) · C. Amazon Elastic Container Service (Amazon ECS) · D. Amazon S3
D "Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It's a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs. ... Size limit is for individual item (5TB) not for the whole S3 capacity, which is unlimited"
Compared with costs in traditional and virtualized data centers, AWS has: · A. greater variable costs and greater upfront costs. · B. fixed usage costs and lower upfront costs. · C. lower variable costs and greater upfront costs. · D. lower variable costs and lower upfront costs.
D "The cloud allows you to trade high initial CapEx (such as data centers and physical servers) for a variable OpEx model, and only pay for IT as you consume it. Plus, the variable OpEx expenses are much lower than what you would pay to do it yourself because of the massive economies of scale that AWS has created."
A company is looking for a scalable data warehouse solution. Which of the following AWS solutions would meet the company's needs? · A. Amazon Simple Storage Service (Amazon S3) · B. Amazon DynamoDB · C. Amazon Kinesis · D. Amazon Redshift
D "With Redshift, you can query and combine exabytes of structured and semi-structured data across your data warehouse, operational database, and data lake using standard SQL. Redshift lets you easily save the results of your queries back to your S3 data lake using open formats, like Apache Parquet, so that you can do additional analytics from other analytics services like Amazon EMR, Amazon Athena, and Amazon SageMaker."
Which storage service can be used as a low-cost option for hosting static websites? · A. Amazon Glacier · B. Amazon DynamoDB · C. Amazon Elastic File System (Amazon EFS) · D. Amazon Simple Storage Service (Amazon S3)
D "You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting, but AWS has other resources for hosting dynamic websites."
When architecting cloud applications, which of the following are a key design principle? · A. Use the largest instance possible · B. Provision capacity for peak load · C. Use the Scrum development process · D. Implement elasticity
D AWS encourages elasticity and not specifically provisioning for peak traffic. "6 Advantages of Cloud Computing: --Trade capital expense for variable expense --Benefit from massive economies of scale --Stop guessing about capacity (i.e. elasticity) --Increased speed and agility --Stop spending money running and maintaining data centres --Go global in minutes" "Another way you can save money with AWS is by taking advantage of the platform's elasticity. Plan to implement Auto Scaling for as many Amazon EC2 workloads as possible, so that you horizontally scale up when needed and scale down and automatically reduce your spending when you don't need that capacity anymore. In addition, you can automate turning off non-production workloads when not in use. Ultimately, consider which compute workloads you could implement on AWS Lambda so that you never pay for idle or redundant resources."
Which Amazon EC2 instance pricing model can provide discounts of up to 90%? · A. Reserved Instances · B. On-Demand · C. Dedicated Hosts · D. Spot Instances
D Spot - Up to 90% discount Reserved - Up to 75% discount On-demand - Full price Dedicated hosts - Higher cost than on-demand
AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Choose two.) · A. Implementing Amazon Rekognition · B. Using AWS Shield-protected resources · C. Blocking access with Security Groups · D. Using Multi-Factor Authentication (MFA) · E. Enforcing password strength and expiration
D, E "IAM Best Practices - To help secure your AWS resources, follow these recommendations for the AWS Identity and Access Management (IAM) service: --Lock away your AWS account root user access keys --Create individual IAM users --Use groups to assign permissions to IAM users --Grant least privilege --Get started using permissions with AWS managed policies --Use customer managed policies instead of inline policies --Use access levels to review IAM permissions --Configure a strong password policy for your users --Enable MFA - These are not physical MFA tokens typically --Use roles for applications that run on Amazon EC2 instances --Use roles to delegate permissions --Do not share access keys --Rotate credentials regularly --Remove unnecessary credentials --Use policy conditions for extra security --Monitor activity in your AWS account