Cloud Practitioner
Which of the following service is most useful when a Disaster Recovery method is triggered in AWS? A. Amazon Route 53 B. Amazon SNS C. Amazon SQS D. Amazon Inspector
A. Amazon Route 53 Rouet53 is a domain name system service by AWS. When a Disaster does occur , it can be easy to switch to secondary sites using the Route53 service.
There is a requirement to store objects. The objects must be downloadable via a URL. Which storage option would you choose? A. Amazon S3 B. Amazon Glacier C. Amazon Storage Gateway D. Amazon EBS
A. Amazon S3
Which of the following storage options provides the option of Lifecycle policies that can be used to move objects to archive storage? A. Amazon S3 B. Amazon Glacier C. Amazon Storage Gateway D. Amazon EBS
A. Amazon S3
If you are developing an application that requires a database with extremely fast performance, fast scalability, and flexibility in the database schema, what should you consider? A. Amazon RDS B. Amazon ElatiCache C. Amazon DynamoDB D. Amazon Redshift
C. Amazon DynamoDB
EC2
Cloud Compute - web service that provides secure, resizable compute capacity in the cloud
What services would you use if you would like to be notified when you cross a billing threshold?
Cloudwatch AWS budgets
You create a new subnet and then add a route to your route table that routes traffic out from that subnet to the Internet using an IGW. What type of subnet have you created? A. An internal subnet B. A private subnet C. An external subnet D. A public subnet
D. A public subnet By creating a route out to the Internet using an IGW, you have made this subnet public.
Which service would you use to send alerts based on Amazon CloudWatch alarms? A. AWS CloudTrail B. Amazon Route 53 C. AWS Trusted Advisor D. Amazon SNS
D. Amazon SNS is the service you would use to send alerts.
Which of the following disaster recovery deployment mechanisms that has the highest downtime? A. Pilot light B. Warm standby C. Multi Site D. Backup and Restore
D. Backup and Restore
Which of the following EC2 options is best for long-term workloads with predictable usage patterns? A. Spot instances B. On-Demand instances C. Dedicated Host D. Reserved instances
D. Reserved instances Reserved instances are the most economical option for long-term workloads with predictable usage patterns.
Where is CloudFront content cached?
Edge locations
3 types of cloud computing
Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)
Amazon Athena
Interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
Which AWS service allows you to run code without having to worry about provisioning any underlying resources
Lambda
Amazon Lightsail is an example of which kind of service?
PaaS
What is AWS' data warehousing service?
Redshift
Which EC2 option is best for long term workloads with predictale usage patterns
Reserved
Enterprise Support Plan
1. 24/7 tech support 2. General < 24 hrs 3. System Impaired < 12 hrs 4. Production system impaired < 4 hrs 5. Production System down < 1 hr 6. Business critical system down < 15 min 7. TAM 8. Pricing - $15000/month
Load Balancers come in 3 types:
1. Application Load Balancers - layer 7 2. Network Load Balancers - extreme performance 3. Classic Load Balancers - Test/Dev
Advantages of cloud compute
1. Global in minutes 2. Increase speed and agility 3. Elasticity 4. Variable expense
AWS Total Cost of Ownership
1. How much it costs to do things yourself versus on AWS 2. Gives Comparison 3. Gives a report as to why you should move to the cloud
Tags attributes
1. Key value pairs attached to AWS resources 2. Metadata (data about data) 3. Tags can sometimes be inherited 4. global
Advantages of Consolidated Billing
1. One bill per AWS account 2. Very easy to track charges and allocate costs 3. Volume pricing disocunt
CloudTrail
1. Per AWS account and is enabled per region 2. Can consolidated logs using S3 buckets -Turn on CloudTrail in paying account -Create a bucket policy that allows cross account access -Turn on CloudTrail in the other accounts and use the bucket in the paying account
DynamoDB Pricing
1. Provisioned Throughput (write) -As low as $.47 per WCU 2. Provisioned Throughput (read) -As low as $.09 per RCU 3. Indexed Data Storage -As low as $.25 per GB
Name the 6 advantages of Cloud
1. Trade Capital Expense for variable expense 2. Benefit from massive economies of scale 3. Stop guessing about capacity 4.increased speed and agility 5. Stop spending money running and maintaining data centers 6. Go global in minutes
CloudFront Pricing
1. Traffic Distribution 2. Data transfers out 3. Requests
Security
1. Use AWS features for defense in depth 2. Share security responsibility with AWS 3. Reduce privileged access 4. Security as a code 5. Real time Auditing
What are the access types for IAM users?
1. Using SDKs 2. AWS managment console access 3. Programmatic access via the command line
Principles of AWS billing
1. pay as you go 2. pay less when you reserve 3. pay even less when you use more 4. pay even less as AWS grows 5. custom pricing
Scale out
1. stateless applications 2. distribute load to multiple nodes 3. stateless components 4. Stateful components 5. Implement session affinity 6. Implement distributed processing
Ways to access AWS
1. via console 2. Programmatically - command line 3. Using SDK's
By default, what is the maximum number of linked accounts per paying account under consolidated billing?
20
S3 Standard (Storage Class)
99.999% availability and durability, stored redundantly across multiple devices in multiple facilities, and is designed to sustain the loss of 2 facilities concurrently
Which of the following are characteristics of Amazon S3? (Select TWO.) A. A global file system B. An object store C. A local file store D. A network file system E. A durable storage system
A. A global file system B. An object store pepe
The AWS Risk and Compliance Programs is made up of which of the following components? (Choose three) A. Control Environment B. Automation Environment C. Identity Management D. Physical Security E. Risk Management F. Information Security
A. Control Environment E. Risk Management F. Information Security
True or False: Identity Access Management (IAM) is a Regional service? A. False B. True
A. False Identity Access Management is a Global service.
Which of the following services provides trusted users with temporary security credentials that can control access to your AWS resources? (Select the best answer) A. AWS CLI B. AWS Security Token Service(STS) C. AWS IAM User D. Application authentication
B. AWS Security Token Service(STS)
You need to use an AWS service to assess the security and compliance of your EC2 instances. Which service should you use?
AWS Inspector
S3 Glacier Deep Archive (Storage Class)
Amazon's S3's lowest cost storage class where a retrieval time of 12 hours is acceptable
True or False: With Consolidated Billing, the Paying Account can make changes to any of the resources owned by a Linked Account. A. True B. False
B. False The Paying Account cannot make changes to any of the resources owned by a Linked Account.
Which of the following is AWS's responsibility under the AWS shared responsibility model? (Select the best answer) A. Configuring third-party applications B. Maintaining physical hardware C. Securing application access and data D. Managing custom AMI
B. Maintaining physical hardware
Which Amazon Relational Database Service (Amazon RDS) database engines support read replicas? A. Microsoft SQL Server and Oracle B. MySQL, MariaDB, PostgreSQL, and Aurora C. Aurora, Microsoft SQL Server, and Oracle D. MySQL and PostgreSQL
B. Read replicas are supported by MySQL, MariaDB, PostgreSQL, and Aurora.
You need to find an item in a DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use? A. POST B. Scan C. Query D. GET
B. Scan To find an item in a DynamoDB table other then the item's primary key, you would use the scan operation.
Which of the following are some of the security benefits that AWS offers? (Choose two) A. Shared Collaboration Model B. Secure global infrastructure C. Meet compliance requirements D. Inventory and Application Management E. Data Storage
B. Secure global infrastructure C. Meet compliance requirements
True or False: S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc. A. False B. True
B. True
Which of the following scenarios is most appropriate to implement Amazon ElastiCache in order to improve on performance? A. Where there are frequent writes to a database instance B. Where there are frequent reads of static content on a web application C. Where there are frequent reads of dynamic content on a web application D. Where there are infrequent random reads to static content on a web application
B. Where there are frequent reads of static content on a web application
What is the AWS feature that enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket? A. File Transfer B. HTTP Transfer C. Amazon S3 Transfer Acceleration D. S3 Acceleration
C. Amazon S3 Transfer Acceleration
Which of the following support plans features a < 15 minute response time in the event of a business-critical system down? A. Business B. Developer C. Enterprise D. Basic
C. Enterprise
You need to find an item in a DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use? A. POST B. Query C. Scan D. GET
C. Scan A table scan will allow you to do this.
You have created a custom Amazon VPC with both private and public subnets. You have created a NAT instance and deployed this instance to a public subnet. You have attached an EIP address and added your NAT to the route table. Unfortunately, instances in your private subnet still cannot access the Internet. What may be the cause of this? A. Your NAT is in a public subnet, but it needs to be in a private subnet. B. Your NAT should be behind an Elastic Load Balancer. C. You should disable source/destination checks on the NAT. D. Your NAT has been deployed on a Windows instance, but your other instances are Linux. You should redeploy the NAT onto a Linux instance.
C. You should disable source/destination checks on the NAT. You should disable source/destination checks on the NAT.
Customer Specific
Controls which are solely the repsonsibility of the customer based on the application they are deploying within AWS services
On a social media website, creative content goes viral for a few days and then rapidly declines in popularity and views thereafter. Which storage class and configuration option would you choose for a cost-effective storage? A. Amazon S3 Standard with object versioning B. Amazon S3 Intelligent-Tiering C. Amazon Elastic File Store (EFS) D. Amazon S3 Standard with lifecycle policies
D. Amazon S3 Standard with lifecycle policies
As per the AWS Acceptable Use Policy, penetration testing of EC2 instances: A. May be performed by AWS, and will be performed by AWS upon customer request. B. May be performed by AWS, and is periodically performed by AWS. C. Are expressly prohibited under all circumstances. D. Can be performed by the customer, provided they work with the list of services mentioned by AWS. E. May be performed by the customer on their owninstances, only if performed from EC2 instances.
D. Can be performed by the customer, provided they work with the list of services mentioned by AWS.
IAM policies are written using...
JSON
Which of the following are not valid CloudFormation sections a. Parameters b. Resources c. Outputs d. Options
Options
Scalability
Scale up Scale out
SNS
Simple Notification Service - high available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications
You have a project will require 90 hours of computing time. There is no deadline, and the work can be stopped and restarted without adverse effect. Which of the following computing options offers the most cost-effective solutions?
Spot instances
Which native AWS service will act as a file system mounted on an S3 bucket
Storage Gateway - used for attaching infrastructure located in a data center to the AWS storage infrastructure
A cloudfront origin can be an S3 bucket, an EC2 instance, an elastic load balancer, or Route53
True
A distribution is what we call a series of edge locations that make up CDN
True
Systems Manager
Visibility and control of your infrastructure on AWS
WAF
Web Application Firewall - Device that helps you protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources -Layer 7 firewall -Designed to stop hackers
AWS Shared Responsibility Model
While AWS manages security OF the cloud, Customers manage security IN the cloud
ECR
container registry that makes it easy for devs to store, manage, and deploy Docker container images
Provisioned IOPS SSD (IO1)
highest performance SSD volumes mission critical low latency or high throughput workloads
DNS
process computers use to resolve domain names to IP addresses (phonebook) Amazon's DNS is Route 53
Elastic Beanstalk
quickly deploy and make applications in the AWS Cloud without worrying about the infrastructure that runs those apps. Upload the app, EB automatically handles capacity provisioning, load balancing, scalability, and application health monitoring
S3 Glacier (Storage Class)
securable, durable, low cost storage class for data archiving. Retrieval times configurable from minutes to hours
Your Dev team uses 4 on demand EC2 instances and your QA has 5 reserved instances, only 3 of which are being used. Assuming all AWS account are under a single AWS Organization, how will the Dev team's instances be billed?
the dev team will be billed for two instances on demand prices and 2 instances at the reserved instance price
What best describes EBS
virtual hard disks in the cloud
Which is AWS's managed DDoS protection service?
AWS Shield
Which of the following are Support Levels offered by AWS? (Choose 3) A. Basic B. Developer C. Business D. Individual E. Start-up
A. Basic B. Developer C. Business The AWS Support levels are Basic, Developer, Business, and Enterprise.
Which of the following support plans features a < 4-hour response time in the event of an impaired production system? A. Business B. Developer C. Individual D. Basic
A. Business Both the Business and Enterprise support levels offer a < 4-hour response time in the event of an impaired production system.
Common use cases for Amazon S3 include ________. (Choose 2) A. Static web hosting B. Installing a filesystem C. hosting a relational database D. Storing application assets
A. Static web hosting D. Storing application assets
Which AWS service gives the user the ability to group AWS resources across different AWS Regions by application and then collectively view their operational data for monitoring purposes? A. Systems Manager B. Management Console C. Resource Groups D. Resource Access Manager (AWS RAM)
A. Systems Manager
In which order is a user granted access to AWS services? A. The user is Authenticated, then Authorized to use AWS services. B. The user is Authorized, then Authenticated.
A. The user is Authenticated, then Authorized to use AWS services.
Which of the following is not one of the four areas of the performance efficiency pillar? (Select the best answer) A. Traceability B. Monitoring C. Selection D. Tradeoffs
A. Traceability
True or False? Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery. A. True B. False
A. True
Which statements accurately distinguish AWS Cloud9 from AWS Lambda. (Select TWO). A. With AWS Cloud9, developers can share in real-time a development environment with just a few clicks and pair program together. This is not possible with AWS Lambda B. AWS Lambda can be used to create functions that run in AWS Cloud9 IDE C. AWS Lambda functions are dependent on the Amazon API Gateway whilst AWS Cloud9 IDE can write, run, and debug any code D. AWS Cloud9 provides an online platform to write, run, and debug code from the browser, whilst AWS Lambda functions can be installed locally E. Without locally installing an integrated development environment, AWS Cloud9 will not run.
A. With AWS Cloud9, developers can share in real-time a development environment with just a few clicks and pair program together. This is not possible with AWS Lambda B. AWS Lambda can be used to create functions that run in AWS Cloud9 IDE
Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities? A. AWS Trusted Advisor B. AWS Inspector C. AWS WAF D. AWS Shield
B. AWS Inspector Enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.
The Chief Marketing Officer of the hotel chain you work for would like to implement voice recognition capabilities in rooms so customers can request services without picking up the phone. Competitors have already begun rolling out these technologies in an attempt to improve their customers' experience. Which benefit of the AWS cloud would you most emphasize to the CMO in your business case for creating an AWS-based solution? A. Deploy Globally in Minutes B. Agility C. Elasticity D. Cost Savings
B. Agility The AWS cloud provides instant access to new technologies. Companies can move with agility to satisfy new business requirements and meet competitive demands. There is a very low barrier of entry for innovation. If a solution is not meeting expectations, services can be instantly de-provisioned. The other three options will also prove to be benefits of deploying in the AWS cloud, but the use case emphasizes the need to move quickly against competitive threats.
Which Amazon VPC feature allows you to create a dual-homed instance? A. EIP address B. ENI C. Security groups D. CGW
B. ENI Attaching an ENI associated with a different subnet to an instance can make the instance dual-homed.
Your company is planning to host resources in the AWS Cloud. They want to use services which can be used to decouple resources hosted on the cloud. Which of the following services can help fulfil this requirement A. AWS EBS Volumes B. AWS EBS Snapshots C. AWS Glacier D. AWS SQS
D. AWS SQS Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributedapplicationcomponentsandhelpsyoudecouplethesecomponents
In Amazon DynamoDB, what does the query operation allow you to do? A. Query a table using the partition key and an optional sort key filter B. Query any secondary indexes that exist for a table. C. Efficiently retrieve items from a table or secondary index. D. All of the Above.
D. All of the Above. In Amazon DynamoDB, the query operation allows you to do all these things.
_______ is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases. A. Amazon RDS B. Amazon Redshift C. Amazon DynamoDB D. Amazon Aurora
D. Amazon Aurora is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases.
With AWS orgs, you can use either just the consolidated billing feature, or all the offered features
True
Neptune
fast, reliable, fully managed graph database services that makes it easy to build and run applications that work with highly connected datasets
It's safter to use access keys than IAm roles
False
With Consolidated Billing, the Paying Account can make changes to any of the resources owned by a linked account
False - the paying account cannot make changes to any of the resources owned by a linked account
To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an individual objects, you can use object policies
False - you use bucket policies and to restrict you use control lists
Objects stored in S3 are stored in a single, central location within AWS
False, Objects stored in S3 are stored in multiple servers in multiple facilities across AWS
General Purpose SSD (GP2)
balances price and performance for a variety of workloads
What service do all support accounts receive?
billing support
Throughput Optimized HDD (ST1)
low cost HDD volume designed frequently accessed, throughput intensive workloads
Resource Groups
makes it easy to group your resources the tags assigned to them Can apply automation
RDS
makes it easy to set up, operate, and scale a relational database in the cloud. Provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backup
CloudSearch
managed service that makes it simple to set up, manage, and scale a search solution for your website or application, allows you to build search indexes
AWS Budgets
ability to set custom budgets that alert you when your costs or usage exceed you budgeted amount
AWS Cloud Compliance
Enables you to understand the robust controls in place at AWS to maintain security and data protection in the cloud
Instantiating Compute Resources
1. Bootstrapping 2. Golden Images 3. Hybrid Images 4. Containers
RDS Pricing
1. Clock hours of server times 2. DB characteristics 3. DB purchase types 4. Number of DB instances 5. Provisioned storage 6. Additional Storage 7. Requests 8. Deployment Type 9. Data Transfer Out
Which best describes an AWS region?
A distinct location within a geographic area designed to provide high availability to a specific geography
When you create a table in Amazon DynamoDB, in addition to the table name, you must specify the _____ of the table. A. Primary Key B. Local secondary index C. Sort key D. Global secondary index
A. A. Primary Key You must specify the primary key of the table.
What are the minimum elements required to create an Auto Scaling launch configuration? Select 3 A. AMI B. Security Group C. Instance type D. Block device mapping E. Launch Configuration Name
A. AMI C. Instance type E. Launch Configuration Name
Which of the following are Migration services? Select 2 A. AWS Snowball B. AWS Config C. AWS Application Discovery Service D. AWS OpsWorks
A. AWS Snowball C. AWS Application Discovery Service AWS Config and AWS OpsWorks are Management Tools.
Which of the following are best practices when it comes to securing your Root AWS account? Select 5 A. Activate MFA on the Root Account. B. Create individual IAM users. C. Delete your Root account password D. Delete your Root access keys. E. Store your Root account keys on your application for easy access. F. Apply an IAM password policy. G. Use groups to assign permissions.
A. Activate MFA on the Root Account. B. Create individual IAM users. D. Delete your Root access keys. F. Apply an IAM password policy. G. Use groups to assign permissions.
Which Amazon Relational Database Service (Amazon RDS) database engines support Multi-AZ? A. MySQL B. Microsoft SQL Server, MySQL, and Oracle C. Oracle, Amazon Aurora, and PostgreSQL D. All of them
A. All Amazon RDS database engines support Multi-AZ deployment.
Amazon CloudWatch supports which types of monitoring plans? (Choose two) A. Detailed monitoring, which has an additional cost. B. Detailed monitoring, which is free. C. Basic Monitoring, which has an additional cost. D. Ad hoc monitoring, which has an additional a cost. E. Basic monitoring, which is free
A. Detailed monitoring, which has an additional cost. E. Basic monitoring, which is free
After initial login, what does AWS recommend as the best practice for the AWS Account Root User? (Select the best answer) A. Delete root user access keys B. Delete root user account C. Revoke all permissions on the root user account D. Restrict permission on root user account
A. Delete root user access keys
Which of the following are principles of sound design when it comes to performance efficiency? (Choose 3) A. Democratize advanced technologies. B. Deploy into multiple Regions to go global in minutes. C. Have your IT staff master all new technologies. D. Use Serverless architectures. E. Mechanical empathy
A. Democratize advanced technologies. B. Deploy into multiple Regions to go global in minutes. D. Use Serverless architectures. Of these choices, you should democratize advanced technologies, deploy into multiple Regions, and use Serverless technologies
Which of the following AWS services use serverless technology? Choose 2 answers from the options given below. A. DynamoDB B. EC2 C. Simple Storage Service D. AWS Autoscaling
A. DynamoDB C. Simple Storage Service The Simple Storage service and DynamoDB are services where you don't need to manage the underlying infrastructure.
Which of the following Route 53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resources that have better performance? A. Failover Routing and Latency-based Routing B. Geoproximity Routing and Geolocation Routing C. Geolocation Routing and Latency-based Routing D. Failover Routing and Simple Routing
A. Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources.
True or False: S3 can be used to host a dynamic website, like one that runs on a LAMP stack? A. False B. True
A. False S3 can be used to host *static* websites.
Which of the following is an optional security control that can be applied at the subnet layer of a VPC? A. Network ACL B. Security Group C. Firewall D. Web application firewall
A. Network ACL Network ACLs are associated to a VPC subnet to control traffic flow.
Which of the following are principles of sound design when it comes to reliability? select 2 A. Scale horizontally. B. Stop guessing about your capacity requirements. C. Manage change at the individual resource level. D. When in doubt, over-provision.
A. Scale horizontally. B. Stop guessing about your capacity requirements. The elasticity of cloud computing means that you need never over-provision or manage change at the resource level.
An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test and one for Production. The Security team has some concerns about the VPC configuration and requires to restrict the communication across the EC2 instances using Security Groups. Which of the following options is true for Security Groups? A. You can change a Security Group associated to an instance if the instance state is stopped or running. B. You can change a Security Group associated to an instance if the instance state is stopped but not if the instance state is running. C. You can change a Security Group only if there are no instances associated to it. D. The only Security Group you can change is the Default Security Group. E. None of the above
A. You can change a Security Group associated to an instance if the instance state is stopped or running. After you launch an instance into a VPC, you can change the security groups that are associated with the instance. You can change the security groups for an instance when the instance is in the running or stopped state
Which of the following AWS resources would you use in order for an EC2-VPC instance to resolve DNS names outside of AWS? A. A VPC peering connection B. A DHCP option set C. A routing rule D. An IGW
B. A DHCP option set A DHCP option set allows customers to define DNS servers for DNS name resolution, establish domain names for instances within an Amazon VPC, define NTP servers, and define the NetBIOS name servers.
Where can a customer find information about prohibited actions on AWS infrastructure? (Select the best answer) A. AWS Billing Console B. AWS Acceptable Use Policy C. AWS IAM D. AWS Trusted Advisor
B. AWS Acceptable Use Policy
Which AWS service is specifically designed to assist you in processing large data sets? A. AWS Big Data Processing B. AWS EMR C. ElastiCache D. EC2
B. AWS EMR Amazon EMR is a web service that makes it easy to process large amounts of data efficiently.
You have been using Amazon Relational Database Service (Amazon RDS) for the last year to run an important application with automated backups enabled. One of your team members is performing routine maintenance and accidentally drops an important table, causing an outage. How can you recover the missing data while minimizing the duration of the outage? A. Perform an undo operation and recover the table. B. Restore the database from a recent automated DB snapshot. C. Restore only the dropped table from the DB snapshot. D. The data cannot be recovered.
B. DB Snapshots can be used to restore a complete copy of the database at a specific point in time. Individual tables cannot be extracted from a snapshot.
Your company handles a crucial ecommerce application. This applications needs to have an uptime of at least 99.5%. There is a decision to move the application to the AWS Cloud. Which of the following deployment strategies can help build a robust architecture for such an application? A. Deploying the application across multiple VPC's B. Deploying the application across multiple Regions C. Deploying the application across Edge locations D. Deploying the application across multiple subnets
B. Deploying the application across multiple Regions
Which of the below does S3 Transfer Acceleration use to get your data into AWS quicker? A. Availability Zones B. Edge Locations C. AWS Regions D. VPCs
B. Edge Locations S3 Transfer Acceleration uses AWS' network of Edge Locations to more quickly get your data into AWS.
The Access Key and Secret Access Key are used to log into the AWS Management Console. A. True B. False
B. False
True or False? AWS is responsible for the security of everything above the hypervisor layer.True or False? AWS is responsible for the security of everything above the hypervisor layer. A. True B. False
B. False
True or False: Objects stored in S3 are stored in a single, central location within AWS? A. True B. False
B. False Objects stored in S3 are stored in multiple servers in multiple facilities across AWS.
"S3 Intelligent-Tiering" object storage class delivers automatic cost savings by moving data between which of the two access tiers? A. Standard access and Frequent access B. Frequent access and Infrequent access C. Standard access and Infrequent access D. Standard access and One Zone-Infrequent access
B. Frequent access and Infrequent access
You are building the database tier for an enterprise application that gets occasional activity throughout the day. Which storage type should you select as your default option? A. Magnetic storage B. General Purpose Solid State Drive (SSD) C. Provisioned IOPS (SSD) D. Storage Area Network (SAN)-attached
B. General Purpose (SSD) volumes are generally the right choice for databases that have bursts of activity.
You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? A. Network Access Control Lists B. NAT Gateway C. Security Groups D. Route Tables
B. NAT Gateway A NAT Gateway is required to allow resources in a private subnet to access the internet.
You are responsible for your company's AWS resources, and you notice a significant amount of traffic from an IP address in a foreign country in which your company does not have customers. Further investigation of the traffic indicates the source of the traffic is scanning for open ports on your EC2-VPC instances. Which one of the following resources can deny the traffic from reaching the instances? A. Security group B. Network ACL C. NAT instance D. An Amazon VPC endpoint
B. Network ACL rules can deny traffic
An administrator noticed a consistent spike in processor and memory activity on the organisation's web servers that host a large web application, this was after installing Secure Socket Layer/Transport Layer Security (SSL/TLS) for security. This increased activity degraded the web application's responsiveness. What is the best-practice solution to resolve the situation? A. Migrate the web application onto m4.4xlarge EC2 instances with robust compute, processing and networking capability. B. Offload the SSL/TLS from running locally to AWS CloudHSM. C. Create an auto-scaling group that scales out as traffic to the web application cluster increases. D. Create a custom AWS CloudWatch metric to monitor the instance resources, by writing a script in the AWS Command Line Interface (AWS CLI).
B. Offload the SSL/TLS from running locally to AWS CloudHSM.
Which of the following is not a characteristic of the Auto Scaling service on AWS? A. Enforces a minimum number of running Amazon EC2 instances. B. Sends traffic to heavy instances. C. Launches instances from a specified AMI. D. Responds to changing conditions by adding EC2 instances.
B. Sends traffic to heavy instances.
Which design principles are recommended when considering performance efficiency? (Choose two) A. Enabling traceability B. Serverless Architecture C. Expenditure awareness D. Democratize advance technologies E. Match supply with demand
B. Serverless Architecture D. Democratize advance technologies
True or False: A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53? A. False B. True
B. True A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.
When using Amazon Relational Database Service (Amazon RDS) Multi-AZ, how can you offload read requests from the primary? (Choose 2 answers) A. Configure the connection string of the clients to connect to the secondary node and perform reads while the primary is used for writes. B. Amazon RDS automatically sends writes to the primary and sends reads to the secondary. C. Add a read replica DB instance, and configure the client's application logic to use a read-replica. D. Create a caching environment using ElastiCache to cache frequently used data. Update the application logic to read/write from the cache.
C, D. Amazon RDS allows for the creation of one or more read-replicas for many engines that can be used to handle reads. Another common pattern is to create a cache using Memcached and Amazon ElastiCache to store frequently used queries. The secondary slave DB Instance is not accessible and cannot be used to offload queries.
Which of the following AWS tools help your application scale up or down based on demand? (Choose two) A. Agile Load Balancing B. Auto Availability Zones C. Elastic Load Balancing D. AWS CloudFormation E. Auto Scaling
C. & E. Auto Scaling and Elastic Load balancing help your applications scale up or down.
What is the minimum size subnet that you can have in an Amazon VPC? A. /24 B. /26 C. /28 D. /30
C. /28 C. The minimum size subnet that you can have in an Amazon VPC is /28.
You are the architect of a custom application running inside your corporate data center. The application runs with some unresolved bugs that produce a lot of data inside custom log files generating time-consuming activities to the operation team who is responsible for analyzing them. You want to move the application to AWS using EC2 instances, and at the same time, take the opportunity for improving logging and monitoring capabilities but without touching the application code. What AWS service should you use to satisfy the requirement? A. AWS Kinesis Data Streams B. AWS CloudTrail C. AWS CloudWatch Logs D. AWS Application Logs
C. AWS CloudWatch Logs
When running a relational database on either your hardware or on an EC2 instance, you are responsible for which of the following? A. Database backups and high-availability B. Data security C. All of these D. Operating system maintenance E. Software install and patches
C. All of these When running a relational database on either your hardware or on an EC2 instance, you are responsible for all of these tasks. As the system designer or administrator you can control the energy footprint through; size selection, load smoothing, and powering it off when not in use.
You create a new VPC in US-East-1 and provision three subnets inside this Amazon VPC. Which of the following statements is true? A. By default, these subnets will not be able to communicate with each other; you will need to create routes. B. All subnets are public by default. C. All subnets will be able to communicate with each other by default. D. Each subnet will have identical CIDR blocks.
C. All subnets will be able to communicate with each other by default. When you provision an Amazon VPC, all subnets can communicate with each other by default.
Your company is moving a large application to AWS using a set of EC2 instances. A key requirement is reusing existing server-bound software licensing. Which of the following options is the best for satisfying the requirement? A. EC2 Dedicated Instances B. EC2 Reserved Instances C. EC2 Dedicated Hosts D. EC2 Spot Instances
C. EC2 Dedicated Hosts instances run on a dedicated hardware where AWS gives visibility of physical characteristics. AWS documentation mentions this with the following sentence: "...Dedicated Host gives you additional visibility and control over how instances are placed on a physical server, and you can consistently deploy your instances to the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses and address corporate compliance and regulatory requirements."
You are a solutions architect working for a media company that hosts its website on AWS. Currently, there is a single Amazon Elastic Compute Cloud (Amazon EC2) Instance on AWS with MySQL installed locally to that Amazon EC2 Instance. You have been asked to make the company's production environment more resilient and to increase performance. You suggest that the company split out the MySQL database onto an Amazon RDS Instance with Multi-AZ enabled. This addresses the company's increased resiliency requirements. Now you need to suggest how you can increase performance. Ninety-nine percent of the company's end users are magazine subscribers who will be reading additional articles on the website, so only one percent of end users will need to write data to the site. What should you suggest to increase performance? A. Alter the connection string so that if a user is going to write data, it is written to the secondary copy of the Multi-AZ database. B. Alter the connection string so that if a user is going to write data, it is written to the primary copy of the Multi-AZ database. C. Recommend that the company use read replicas, and distribute the traffic across multiple read replicas. D. Migrate the MySQL database to Amazon Redshift to take advantage of columnar storage and maximize performance.
C. In this scenario, the best idea is to use read replicas to scale out the database and thus maximize read performance. When using Multi-AZ, the secondary database is not accessible and all reads and writes must go to the primary or any read replicas.
In the Shared Responsibility Model, which of the following are examples of "security in the cloud?" (Choose two) A. Physical security of the facilities in which the service operate B. Compliance with compute security standards and regulations C. In which country content is stored D. Protecting the global infrastructure E. Which AWS service are used with the content
C. In which country content is stored E. Which AWS service are used with the content
Which of the following are included in AWS Assurance Programs? (Choose two) A. Industry best practices B. Customer testimonials C. Laws, regulations, & privacy D. Partner validations E. Certification/Attestations
C. Laws, regulations, & privacy E. Certification/Attestations
You have a mission-critical application which must be globally available at all times. Which deployment strategy should you follow? A. Deploy to all Availability Zones in your home region. B. Multi-VPC in two AWS Regions C. Multi-Region D. Multi-Availability Zone
C. Multi-Region A Multi-Region deployment will best ensure global availability.
Your company provides media content via the Internet to customers through a paid subscription model. You leverage Amazon CloudFront to distribute content to your customers with low latency. What approach can you use to serve this private content securely to your paid subscribers? A. Use HTTS request to ensure that your objects are encrypted when Amazon CloudFront serves them to viewers. B. Configure Amazon CloudFront to compress the media files automatically fr paid subscribers. C. Provide signed Amazon CloudFront URLs to authenticated users to access the paid content.
C. Provide signed Amazon CloudFront URLs to authenticated users to access the paid content.
You are building a photo management application that maintains metadata on millions of images in an Amazon DynamoDB table. When a photo is retrieved, you want to display the metadata next to the image. Which Amazon DynamoDB operation will you use to retrieve the metadata attributes from the table? A. Scan operation B. Search operation C. Query operation D. Find operation
C. Query is the most efficient operation to find a single item in a large table.
Which of the following features of an Amazon VPC can only exist in one Availability Zones at a time? A. None of these B. a Security Group C. a Subnet D. a Route Table
C. a Subnet A specific subnet can only exist in one availability zone, however you can create multiple subnets so that your VPC can span multiple Availability Zones. Route tables are applied to subnets, however one route table can be applied to mant subnets, meaning it can exist in multiple zones. Similarly, a single secuirty group can be used in more than one AZ.
Which of the following are AWS IAM best practices? (Choose two) A. Provide users with default admin privileges. B. Leave unused and unnecessary user and credentials in place. C.Monitor activity in your AWS account. D. Rotate credentials regularly
C.Monitor activity in your AWS account. D. Rotate credentials regularly
Which of the following is the Amazon side of an Amazon VPN connection? A. An EIP B. A CGW C. An IGW D. A VPG
D. A VPG A CGW is the customer side of a VPN connection, and an IGW connects a network to the Internet. A VPG is the Amazon side of a VPN connection.
You are an AWS Enterprise customer with questions about billing and your overall AWS account. Which of the following AWS support personnel should you contact? A. AWS Technical Account Manager B. AWS Support C. AWS Billing and Accounts D. AWS Concierge
D. AWS Concierge For AWS Enterprise customers, the AWS Concierge is a resource dedicated to answering billing and account questions.
S3 One Zone - IA (Storage Class)
For when you want a lower cost option for infrequently accessed data but do not require the multiple AZ data resilience
Which AWS database service is best suited for non-relational databases? A. Amazon Redshift B. Amazon Relational Database Service (Amazon RDS) C. Amazon Glacier D. Amazon DynamoDB
D. Amazon DynamoDB is best suited for non-relational databases. Amazon RDS and Amazon Redshift are both structured relational databases.
Which AWS Cloud service is best suited for Online Analytics Processing (OLAP)? A. Amazon RDS B. Amazon Glacier C. Amazon DyanamoDB D. Amazon Redshift
D. Amazon Redshift is best suited for traditional OLAP transactions.
Which of the following is the security protocol supported by Amazon VPC? A. SSH B. Advanced Encryption Standard (AES) C. Point-to-Point Tunneling Protocol (PPTP) D. IPsec
D. IPsec is the security protocol supported by Amazon VPC.
What should you consider when choosing a database type? A. Data Size B. Data access period C. Query Frequency D. Highly-Available E. All of the above
E. All of the above
Which AWS service is specifically designed to assist you in processing large data assets
EMR - web service that makes it easy to process large amounts of data efficiency
FIGHT DR MCPXZ
F - FPGA - Field programmable gate array I - IOPS G - Graphics H - High Disk Throughput T - Cheap General Purpose D - Density R- RAM M - Main Choice for general purpose apps C - compute P- pics X - xtreme memory Z - extreme memory and CPU
Which of the Route 53 policies allow you to 1. Route data to second resource if the first is unhealthy, and 2. Route data to resources that have better performance
Failover Routing and latency based routing
IAM is a regional service
False
Access Control lists are used to make entire buckets public
False - bucket policies
AWS Simple monthly calculator
Gives a month view into AWS pricing
Data archival service that is extremely inexpensive, but has a server hour data retrieval window
Glacier
Which is not a feature of AWS organizations a. Hierarchical based control over groups of IAM users and roles, within multiple accounts b. Grouping all of your AWS accounts into organizational unit (OUs) as part of a hierarchy c. Granular configuration of Security groups within a vpc d. AWS accounts which are members of an organization can have the benefit of Consolidated billing
Granular configuration of Security Groups within a VPC
Which Compliance guarantees attests to the fact that the AWS platform has met the standard required for t he secure storage of medical records in the US?
HIPAA (Health insurance portability and Accountability Act)
The AWS web application firewall can go down to which of the following OSI layers?
Layer 7
EMR
Provides managed Hadoop framework to process data across EC2 instances, big data
Which EC2 instance type will realize a savings over time in exchange for a contracted term of service
Reserved
You need to host a file in a location that's publicly accessible from anywhere the world. Which AWS service would best meet that need?
S3, objects can be accessed from anywhere in the world via a dedicated URL
Which of the following AWS services can help you assess the fault tolerance of your AWS environment
Trusted Advisor
Which of the following services will help you optimize your entire AWS environment in real time following AWS best practices?
Trusted Advisor
You need to implement an automated service that will scan your AWS environment with the goal of both improving security and reducing costs. Which service should you use?
Trusted advisor
Elasticsearch Service
deploy, secure, operate, and scale to search, analyze, and visualize data in real-time
Edge Locations
endpoints for AWS which are used for caching content. Consists of CloudFront and Content Delivery Network (CDN)
IAM
identity access management - when you create a user/group, it's created globally
Amazon Organizations
is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage
Spot
lets you purchase spare computing capacity with no upfront commitment at discounted hourly rates, flexible start and end time. Good for: -Feasible at low cost -need additional capacity
Cold HDD (SC1)
lowest cost HDD volume designed for less frequent accessed workloads (file servers)
CloudWatch
monitoring and management services for devs, sysops, site reliability engineers
Cloud Computing
on demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay as you go pricing
Origin
origin of all files that the CDN will distribute - S3 bucket, EC2, elastic load balancer
Trusted Advisor
reduce cost, increase performance, and improve security by optimizing your AWS environment - Core checks and recommendations - free - Full trusted advisor - business and enterprise only
EBS
virtual hard disks, provides block level storage volumes for use with EC2 instances
On Demand
you pay a fixed rate for compute or db capacity with no long term commitments or upfront payments. Good for: -low cost + flexibility of ec2 without up front payment -short term workloads -applications that are being tested
What are the features of consolidated billing?
1. A single bill is issued containing the charges for all AWS accounts 2. Multiple standalone accounts are combined and may reduce your overall bill 3. Account charges can be tracked individually
Business Support Plan
1. 24/7 tech support 2. General < 24 hrs 3. System Impaired < 12 hrs 4. Production system impaired < 4 hrs 5. Production System down < 1 hr 6. Pricing - $100/month
Caching
1. Application caching 2. Edge caching
Traditional Computing v Cloud Computing
1. Architecting for Cost 2. Built in Security 3. Higher level Manager Services 4. Operations on AWS 5. Global, Available, and Scalable 6. Assets provisioned resource
Which are principles of sound cloud design
1. Assume everything will fail 2. Disposable Resources 3. Scalability 4. Infrastructure as code
Inspector
1. Automated security assessment service that helps improve security and compliance of applications deployed on AWS 2. Automatically assesses for vulnerabilities and deviances 3. Produces a detailed list of security findings
EC2 Pricing
1. Clock hours of server time 2. Instance type - CPU, memory, storage, networking, capacity 3. Pricing Model - spot, on demand, reserved 4. Number of instances 5. Load balancing 6. Detailed Monitoring - CloudWatch 7. AutoScaling 8. Elastic IP addresses 9. Operates systems and software packages
Types of Amazon Organizations
1. Consolidated Billing 2. All features
Which options should you take in securing your AWS account?
1. Create individual IAM users 2. Activate MFA on the root account 3. Use groups to assign permission to IAM users
Customer Security Responsibilities
1. Customer data 2. Platform, application, identity, and access management 3. Operating system, network, firewall config 4. Client side data, encryption, data integrity, authentication 5. Server Side encryption 6. Network traffic protection
AWS Shield
1. DDos protection service that safeguards web applications running on AWS 2. 2 tiers - standard and advanced 3. Always on detection and inline migrations that minimize downtime and latency -Designed to stop DDoS attacks
You have been asked to deploy a clustered application on a small number of EC2 instances. The application must be placed across multiple az's have speed, low latency communication between each of the nodes, and should also minimize the chance of underlying hardware failure. Best solution?
1. Deploy the EC2 servers in a spread placement group 2. Spread placement groups are recommended for applications that have a small number of critical instances which need to be kept separate from each other
Reserved Options
1. EC2 2. DynamoDB 3. Elasticache 4. Relational DB 5. Redshift
Develop Support Plan
1. General Guidance < 24 hrs 2. System Impaired < 12 hrs 3. Pricing - $29/month
SSD
1. General Purpose SSD 2. Provisioned IOPS SSD
Name 5 free AWS services
1. IAM 2. Elastic Beanstalk 3. AutoScaling 4. CloudFormation 5. VPC
3 Types of Cloud Computing
1. IaaS 2. PaaS 3. SaaS
Benefits of AWS Security
1. Keep your data safe 2. Meet Compliance Requirements 3. Save Money 4. Scale Quickly
Key fundamentals of S3
1. Key - name of object 2. Value - data made up of sequence of bytes
Pricing Models
1. On demand 2. Spot 3. Reserved 4. Dedicated
3 Types of Cloud Deployment
1. Public 2. Private 3. Hybrid
Database Types
1. RDS - SQL, MySQL, Aurora, PostgreSQL, Orcale, MariaDB 2. DynamoDB - No SQL 3. Redshift
Lambda Pricing
1. Request pricing - Free tier: 1 million requests per month - $.20 per 1 million requests 2. Duration Period - 400 gb seconds per month free, up to 3.2 mill seconds of compute time 3. Additional Charge -If your lambda functions incorporate other AWS functions
Optimize cost
1. Right size 2. Elasticity 3. Take advantage of the variety of purchasing options
Control your AWS cost by..
1. Right size your services to meet capacity needs at the lowest cost 2. Save money when you reserve 3. Use the spot market 4. Monitor and track service usage 5. Use cost explorer to optimize savings
Assurance Programs AWS complies with:
1. SOC 2. FISMA 3. PCI 4. ISO
EBS Pricing
1. SSD backed Volumes/HDD backed volumes - per GB 2. Snapshots - per gb 3. Data Transfer out
In addition to choosing the correct EBS volume type for your specific task, what else can be done to increase the performance of your volume?
1. Schedule snapshots of HDD based volumes for periods of low use 2. Ensure that your EC2 instances are types that can be optimized for use with EBS 3. Stripe volumes together in a RAID 0 configuration
Snowball Pricing
1. Service fee per job - snowball 50 tb: $200 - snowball 80 tb: $250 2. Daily Charge - First 10 days are free, after 3. Data Transfer out
AWS Security Responsibilities
1. Software -Compute -Storage -Database -Networking 2. Hardware/AWS global infrastructure -Regions -AZ -Edge locations
Glacier Pricing
1. Storage 2. Data retrieval times 3. $.0004 per GB per month
S3 Pricing
1. Storage class (standard/IA/AZ IA/etc) 2. Storage 3. Requests (get, put, copy) 4. Data transfer out
Magnetics
1. Throughput Optimized HDD (ST1) 2. Cold HDD (SC1) 3. Magnetics
Free Services
1. VPC - virtual data centers 2. Elastic Beanstalk 3. CloudFormation 4. IAM 5. Autoscaling 6. Opsworks 7. Consolidating Billing
CloudFront Distributions
1. Web distributions 2. RTMP - for media
Fundamental Drivers of Cost
1. compute 2. storage 3. data outbound
Route 53
1. global 2. similar to IAM and S3 3. you can use it to direct traffic all around the world and you can use it to register a domain name (domain naming system)
Removing Single Points of Failure
1. introducing redundancy 2. detect failure 3. durable data storage 4. automated multi data center resilience 5. fault isolation and traditional horizontal scaling 6. Shading - split across multiple shards - process data faster
RDS Features
1. multi AZ - for disaster recovery 2. read replicas - for performance
S3 attributes
1. object based 2. 0-5 tb 3. unlimited storage 4. files are stored in buckets 5. universal namespace
You are building a large order processing system and are responsible for securing the database. Which actions will you take to protect the data? (Choose 3 answers) A. Adjust AWS Identity and Access Management (IAM) permissions for administrators. B. Configure security groups and network Access Control Lists (ACLs) to limit network access. C. Configure database users, and grant permissions to database objects. D. Install anti-virus software on the Amazon RDS DB Instance.
A, B, C. Protecting your database requires a multilayered approach that secures the infrastructure, the network, and the database itself. Amazon RDS is a managed service and direct access to the OS is not available.
Your team manages a popular website running Amazon Relational Database Service (Amazon RDS) MySQL back end. The Marketing department has just informed you about an upcoming television commercial that will drive thousands of new visitors to the website. How can you prepare your database to handle the load? (Choose 3 answers) A. Vertically scale the DB Instance by selecting a more powerful instance class. B. Create read replicas to offload read requests and update your application. C. Upgrade the storage from Magnetic volumes to General Purpose Solid State Drive (SSD) volumes. D. Upgrade to Amazon Redshift for faster columnar storage.
A, B, C. Vertically scaling up is one of the simpler options that can give you additional processing power without making any architectural changes. Read replicas require some application changes but let you scale processing power horizontally. Finally, busy databases are often I/O- bound, so upgrading storage to General Purpose (SSD) or Provisioned IOPS (SSD) can often allow for additional request processing.
Which of the following techniques can you use to help you meet Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements? (Choose 3 answers) A. DB snapshots B. DB option groups C. Read replica D. Multi-AZ deployment
A, C, D. DB snapshots allow you to back up and recover your data, while read replicas and a Multi-AZ deployment allow you to replicate your data and reduce the time to failover.
What properties of an Amazon VPC must be specified at the time of creation? (Choose 2 answers) A. The CIDR block representing the IP address range B. One or more subnets for the Amazon VPC C. The region for the Amazon VPC D. Amazon VPC Peering relationships
A, C. The CIDR block is specified upon creation and cannot be changed. An Amazon VPC is associated with exactly one region which must be specified upon creation. You can add a subnet to an Amazon VPC any time after it has been created, provided its address range falls within the Amazon VPC CIDR block and does not overlap with the address range of any existing CIDR block. You can set up peering relationships between Amazon VPCs after they have been created.
Which of the following are steps you should take in securing your AWS account? (Choose 3) A. Activate Multifactor Authentication (MFA) on your root account. B. Create a Root IAM role. C. Use Groups to assign permissions to IAM users. D. Create individual IAM users.
A. & C. & D. The Root account should have MFA enabled; you should always create individual users (the Root account should never be used for actual work); and groups should be used to grant permissions to the users you create.
What is the maximum size IP address range that you can have in an Amazon VPC? A. /16 B. /24 C. /28 D. /30
A. /16 The maximum size subnet that you can have in a VPC is /16.
How many IGWs can you attach to an Amazon VPC at any one time? A. 1 B. 2 C. 3 D. 4
A. 1 You may only have one IGW for each Amazon VPC.
What is the default limit for the number of Amazon VPCs that a customer may have in a region? A. 5 B. 6 C. 7 D. There is no default maximum number of VPCs within a region.
A. 5 The default limit for the number of Amazon VPCs that a customer may have in a region is 5.
What happens when you create a new Amazon VPC? A. A main route table is created by default. B. Three subnets are created by default—one for each Availability Zone. C. Three subnets are created by default in one Availability Zone. D. An IGW is created by default.
A. A main route table is created by default. When you create an Amazon VPC, a route table is created by default. You must manually create subnets and an IGW.
Elastic Load Balancing health checks may be what? (Choose three) A. A ping B. A key pair verification C. A connection attempt D. A page request E. An Amazon EC2 instance status check
A. A ping C. A connection attempt E. An Amazon EC2 instance status check
Which of the following AWS services should you use to migrate an existing database to AWS? A. AWS DMS B. Storage Gateway C. Route 53 D. SNS
A. AWS DMS The AWS Database Migrations Service is the best choice.
Which of the following Amazon Web Services can be referred to as a serverless service? (Select three)? A. AWS Lambda B. Elastic Load Balancing C. Amazon SNS D. Amazon DynamoDB
A. AWS Lambda C. Amazon SNS D. Amazon DynamoDB The serverless concept refers to the ability to leverage compute processing functions without the infrastructure overhead. AWS Lambda is a serverless online code scripting platform within AWS that allows the user to write, edit and run code functions in various languages including JSON. These functions can be triggered to call or invoke other AWS applications in the user's build. AWS Cloud9 is a serverless online integrated development environment (IDE) used to author, edit, run debug code of various languages. With DynamoDB, there are no servers to provision, patch, or manage and no software to install, maintain, or operate.
An administrator would like to efficiently automate the replication and deployment of a specific software configuration existent on one EC2 instance onto four hundred others. Which AWS service is BEST suited for this implementation? A. AWS OpsWorks B. AWS Beanstalk C. AWS Launch Configuration D. AWS Auto-scaling
A. AWS OpsWorks
Select TWO statements that describe the main roles of AWS Web Application Firewall (WAF) and AWS Shield? A. AWS Shield Standard is inherently available within the AWS WAF service at no extra cost B. AWS WAF is inherently available within the AWS Shield Standard service at an additional charge C. AWS Web Application Firewall (WAF) will provide expanded protection against SYN floods, DNS query floods and UDP reflection attacks at no additional cost D. AWS Web Application Firewall (WAF) and AWS Shield are fully-managed services E. AWS WAF is a web application firewall that includes AWS Shield - a service that prevents distributed denial of service (DDoS) attacks
A. AWS Shield Standard is inherently available within the AWS WAF service at no extra cost E. AWS WAF is a web application firewall that includes AWS Shield - a service that prevents distributed denial of service (DDoS) attacks AWS Web Application Firewall (WAF) is a web-based application that allows for monitoring of ingress and egress traffic on provisioned web services. These could be in an AWS CloudFront distribution, behind an AWS Load Balancer or standalone instance. AWS WAF includes AWS Shield (AWS Shield Standard that comes at no additional cost and AWS Shield Advanced, on subscription) that protects against SYN floods, DNS query floods and UDP reflection attacks amongst others.
A business analyst would like to move away from creating complex database queries and static spreadsheets when generating regular reports for high-level management. They would like to dynamically publish insightful, graphically appealing reports with interactive dashboards. Which service can they use to accomplish this? A. Amazon QuickSight B. Business intelligence on Amazon Redshift C. Amazon CloudWatch dashboards D. Amazon Athena integrated with Amazon Glue
A. Amazon QuickSight
You are working for a small organization without a dedicated database administrator on staff. You need to install Microsoft SQL Server Enterprise edition quickly to support an accounting back office application on Amazon Relational Database Service (Amazon RDS). What should you do? A. Launch an Amazon RDS DB Instance, and select Microsoft SQL Server Enterprise Edition under the Bring Your Own License (BYOL) model. B. Provision SQL Server Enterprise Edition using the License Included option from the Amazon RDS Console. C. SQL Server Enterprise edition is only available via the Command Line Interface (CLI). Install the command-line tools on your laptop, and then provision your new Amazon RDS Instance using the CLI. D. You cannot use SQL Server Enterprise edition on Amazon RDS. You should install this on to a dedicated Amazon Elastic Compute Cloud (Amazon EC2) Instance.
A. Amazon RDS supports Microsoft SQL Server Enterprise edition and the license is available only under the BYOL model.
Which of the following AWS Support levels offers 24x7 support via phone or chat? A. Business B. Individual C. Developer D. Basic
A. Business The Business and Enterprise support plans offer 24 X 7 support via phone or chat.
You plan to deploy an application on AWS. This application needs to be PCI Compliant. Which of the below steps are needed to ensure compliance? Choose 2 answers from the below: A. Choose AWS services which are PCI Compliant B. Ensure the right steps are taken during application development for PCI Compliance C. Ensure the AWS Services are made PCI Compliant D. Do an audit after the deployment of the application for PCI Compliance
A. Choose AWS services which are PCI Compliant B. Ensure the right steps are taken during application development for PCI Compliance
Which of the following AWS services should you use if you'd like to be notified when you have crossed a billing threshold? A. CloudWatch B. AWS Budget C. AWS Cost Allocation D. Trusted Advisor
A. CloudWatch A CloudWatch alarm can be set to monitor spending on your AWS Account.
Which of the following data archival services is extremely inexpensive, but has a several hour data-retrieval window? A. Glacier B. S3-RRS C. S3-IA D. S3-1Zone-IA E. S3
A. Glacier Glacier offers extremely inexpensive data archival, but requires a 3-5 hour data-retrieval window.
Which of the following are principles of sound cloud design? (Choose 4) A. Infrastructure as code B. Disposable resources C. Treat your servers like pets, not cattle. D. Limit the number of 3rd-party services. E. Scalability F. Tightly-coupled components G. Assume *everything* will fail.
A. Infrastructure as code B. Disposable resources E. Scalability G. Assume *everything* will fail. Build your systems to be scalable, use disposable resources, reduce infrastructure to code, and, please, assume EVERYTHING will fail sooner or later.
Which of the following are components of the Security Pillar of the AWS Well-Architected Framework? Select 3 A. Infrastructure protection B. Customer Service C. IAM D. Technical Account Management E. Detective Controls
A. Infrastructure protection C. IAM E. Detective Controls IAM, Detective Controls, and Infrastructure protection are components of the Security pillar.
In Amazon S3, what is the difference between lifecycle policies and intelligent tiering? A. Lifecycle policies are not dependant on access patterns as is the case with intelligent tiering, instead they are pre-configured with a transition rule. B. Intelligent tiering is an object storage class which is not dependant on access patterns, it uses a pre-configured transition rule. C. When transitioning objects into different storage classes, intelligent tiering is automatic whilst lifecycle policies have to be manually triggered. D. Lifecycle policies cannot be configured to permanently delete objects from an S3 bucket whilst intelligent tiering can do so if versioning is turned on.
A. Lifecycle policies are not dependant on access patterns as is the case with intelligent tiering, instead they are pre-configured with a transition rule.
In Amazon S3, what is the difference between lifecycle policies and intelligent tiering? A. Lifecycle policies are not dependent on access patterns as is the case with intelligent tiering, instead they are pre-configured with a transition rule. B. Intelligent tiering is an object storage class which is not dependent on access patterns, it uses a pre-configured transition rule. C. When transitioning objects into different storage classes, intelligent tiering is z automatic whilst lifecycle policies have to be manually triggered. D. Lifecycle policies cannot be configured to permanently delete objects from an S3 bucket whilst intelligent tiering can do so if versioning is turned on.
A. Lifecycle policies are not dependent on access patterns as is the case with intelligent tiering, instead they are pre-configured with a transition rule. Within Amazon S3, lifecycle policies are used to automatically transition objects through different storage classes in accordance to a preconfigured rule. This rule will typically move the object regardless of how frequently it is accessed.
A mobile shopping list app needs to be able to add, delete, and update items on specific lists anytime a user desires. The back end for the app will run on Amazon EC2 instances with Auto Scaling to manage fluctuations in user demand. Many times, a user will perform maintenance on many list items in a single session. What design characteristic must be incorporated into the app for these requirements to be met? A. Make sure the app doesn't need knowledge of previous transactions. B. Leverage load balancing to distribute transactions to multiple nodes C. Implement session affinity D. Use bootstrapping on the EC2 instances
A. Make sure the app doesn't need knowledge of previous transactions. In order for horizontal scaling to be effective, you'll want to make sure the app doesn't store previous transaction or session information on specific EC2 instances. That way, any EC2 instance provisioned by Auto Scaling can process the request. Leveraging load balancing is also a good practice, but doesn't address the need for a stateless app. Session affinity goes the other direction, directing a load balancer to route transactions to a specific instance each time. Bootstrapping runs scripts each time an EC2 instance is provisioned.
True or False: A Distribution is what we call a series of Edge Locations that make up CDN? A.True B. False
A. True The collection of a CDN's Edge Locations is called a Distribution.
Your team is building an order processing system that will span multiple Availability Zones. During testing, the team wanted to test how the application will react to a database failover. How can you enable this type of test? A. Force a Multi-AZ failover from one Availability Zone to another by rebooting the primary instance using the Amazon RDS console. B. Terminate the DB instance, and create a new one. Update the connection string. C. Create a support case asking for a failover. D. It is not possible to test a failover.
A. You can force a failover from one Availability Zone to another by rebooting the primary instance in the AWS Management Console. This is often how people test a failover in the real world. There is no need to create a support case.
To view all categories of instance metadata from within a running instance, which URI should you use? (Select the best answer) A. http://169.254.169.254/latest/meta-data/ B. http://245.196.245.196/latest/meta-data/ C. http://254.169.254.169/latest/meta-data/ D. http://196.245.196.245/latest/meta-data/
A. http://169.254.169.254/latest/meta-data/
Patches
AWS is responsible for patches within infrastructure, but customers are responsible for patching their guest OS and application
Reservations
Ability to receive a greater discount by paying capacity ahead of time. Contract terms are 1 or 3 years. Good for: - steady state or predictable usage - require reserved capacity lalala
Choose the features of Consolidated Billing. (Choose 3) A. Charging is based per VPC B. Multiple standalone accounts are combined and may reduce your overall bill C. Account charges can be tracked individually D. A single bill is issued containing the charges for all AWS Accounts
B. & C. & D
Which of the following are characteristics of the Auto Scaling service on AWS? (Choose three) A. Sends traffic to healthy instances B. Responds to changing conditions by adding or terminating Amazon EC2 instances. C. Delivers push notifications D. Launches instances from a specified AMI E. Enforces a minimum number of running Amazon EC2 instances.
B. & D. & E.
In Amazon DynamoDB, an attribute is ______. A. A collection of items B. A fundamental data element C. A collection of attributes
B. A fundamental data element In Amazon DynamoDB, an attribute is a fundamental data element.
Which AWS database service is best suited for traditional Online Transaction Processing (OLTP)? A. Amazon Redshift B. Amazon Relational Database Service (Amazon RDS) C. Amazon Glacier D. Elastic Database
B. Amazon RDS is best suited for traditional OLTP transactions. Amazon Redshift, on the other hand, is designed for OLAP workloads. Amazon Glacier is designed for cold archival storage.
Amazon VPC ________. A. Allows you to build a private, virtual network in the AWS cloud. B. Amazon VPC offers all of these features. C. Offers several layers of security controls. Affords you complete control of network configuration.
B. Amazon VPC offers all of these features Amazon VPC allows you to build a private, virtual network in the AWS cloud, affords you complete control of network configuration, and offers several layers of security controls.
What are the three types of load balancers that ELB offers? A. Internet Load Balancer B. Application Load Balancer C.Network Load Balancer D. Compute Load Balancer E. Classic Load Balancer F. Auto Scaling Load Balancer
B. Application Load Balancer C.Network Load Balancer E. Classic Load Balancer
With RDS, read-replicas are available for which of the following? (Choose 5) A. MS SQLServer B. Aurora C. PostgreSQL D. MySQL E. Oracle F. MariaDB
B. Aurora C. PostgreSQL D. MySQL E. Oracle F. MariaDB Read-replicas are available for MySQL, Aurora, MariaDB, PostgreSQL and Oracle. MS SQL offers similar functionality but not in the form of RDS read replicas.
Which of the following is a Shared Control of the AWS Shared Responsibility Model? A. EC2 Instance Application Configuration B. Awareness & Training C. Identity and Access Management D. Datacenter Security
B. Awareness & Training Shared Controls are elements of the Shared Responsibility Model where both AWS and the customer have shared responsibilities within their own contexts. Awareness & Training is a Shared Control, since AWS trains AWS employees, but a customer must train their own employees. Datacentre Security is solely the responsibility of AWS. Configuration of an Application within an EC2 instance, and Identity and Access Management remain the responsibility of the customer
Why is Amazon DynamoDB service best-suited for implementation in mobile, Internet of Things (IoT) and gaming applications? A. DynamoDB is a fully-managed database instance with no infrastructure overheads B. DynamoDB has a flexible data model and single-digit millisecond latency C. Whilst in operation, DynamoDB instances are spread across at least three geographically distinct centers, AWS Regions D. DynamoDB supports eventual and strongly consistent reads
B. DynamoDB has a flexible data model and single-digit millisecond latency
True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring. A. True B. False
B. False Only AWS Shield Advanced offers automated application layer monitoring.
True or False: S3 Transfer Acceleration uses AWS' network of Availability Zones to more quickly get your data into AWS. A. True B. False
B. False S3 Transfer Acceleration uses AWS' network of Edge Locations to more quickly get your data into AWS.
True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an individual object, you use object policies. A. True B. False
B. False To restrict access to an entire bucket, you use bucket policies; and to restrict access to an individual object, you use access control lists.
AWS IAM is appropriate for OS and application authentication. A. True B. Fasle
B. Fasle
In Cost Optimization, what is referred to as EC2 Right Sizing? A. It is a cost-effective solution to determine the appropriate Amazon EC2 resources such as memory, processor type and storage when provisioning an instance type. B. It is a cost-saving solution that analyses data over a period of time to determine and recommend the type of Amazon EC2 instances appropriate for your workload. C. It is the scaling down or scaling up of Amazon EC2 instances and instance types to meet workload demand by maintaining only the threshold resources. D. It is a cost-saving solution that outlines the recommendations of best practice in four aspects namely cost optimization, performance, fault-tolerance and service limits.
B. It is a cost-saving solution that analyses data over a period of time to determine and recommend the type of Amazon EC2 instances appropriate for your workload.
IAM policies are written using ________. A. SGML B. JSON C. SAML D. XML
B. JSON IAM policies are written using JSON.
Which of the following are required elements of an Auto Scaling group? (Choose two) A. Desired Capacity B. Launch Configuration C. Health checks D. Minimum size
B. Launch Configuration D. Minimum size
Which of the following options will help increase the availability of a web server farm? (Choose two) A. Deploy the instance in an Amazon Virtual Private Cloud. B. Launch web server instance across Multiple AZ. C. Use CloudFront to deliver content to end users. D. Add more CPU & RAM to each instance. E. Leverage Auto Scaling to recover from failed instances.
B. Launch web server instance across Multiple AZ. E. Leverage Auto Scaling to recover from failed instances.
Which of the following does AWS perform on its behalf for EBS volumes to make it less prone to failure? A. Replication of the volume across Availability Zones B. Replication of the volume in the same Availability Zone C. Replication of the volume across Regions D. Replication of the volume across Edge locations
B. Replication of the volume in the same Availability Zone When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to failure of any single hardware component
What aspect of an Amazon VPC is stateful? A. Network ACLs B. Security groups C. Amazon DynamoDB D. Amazon S3
B. Security groups Security groups are stateful, whereas network ACLs are stateless.
Which TWO statements best describe the AWS Personal Health Dashboard? A. A concise representation of the general status of AWS services B. User-specific view on the availability and performance of AWS services underlying their AWS resources. C. A service that prompts the user with alerts and notifications on AWS scheduled activities, pending issues, and planned changes. D. A minute-by-minute update of system outages and service errors on the AWS global infrastructure E. A rolling log of all service interruptions across the AWS network, records of incidencies persistent for a year
B. User-specific view on the availability and performance of AWS services underlying their AWS resources. C. A service that prompts the user with alerts and notifications on AWS scheduled activities, pending issues, and planned changes.
You are a solutions architect working for a large travel company that is migrating its existing server estate to AWS. You have recommended that they use a custom Amazon VPC, and they have agreed to proceed. They will need a public subnet for their web servers and a private subnet in which to place their databases. They also require that the web servers and database servers be highly available and that there be a minimum of two web servers and two database servers each. How many subnets should you have to maintain high availability? A. 2 B. 3 C. 4 D. 1
C. 4 You need two public subnets (one for each Availability Zone) and two private subnets (one for each Availability Zone). Therefore, you need four subnets.
You need to use an AWS service to assess the security and compliance of your EC2 instances. Which of the following services should you use? A. AWS WAF B. AWS Shield C. AWS Inspector D. AWS Trusted Advisor
C. AWS Inspector AWS Inspector assesses the security and compliance of your EC2 instances.
What does the IAM policy simulator do? A. Generates policies. B. Automatically examines your existing IAM access control policies to ensure they comply with IAM policy grammar C. Evaluates the policies you chose and determines the effective permissions for each of the actions you specify. D. Is a standalone policy you can attach to multiple users, group, a& roles in your AWS account. E. All of the above.
C. Evaluates the policies you chose and determines the effective permissions for each of the actions you specify.
Amazon VPC allows you to build a private, virtual network in the AWS cloud, affords you complete control of network configuration, and offers several layers of security controls? A. Using the AWS DynamoDB service B. Using the AWS RDS service C. Hosting the database on an EC2 Instance D. Using the Amazon Aurora service
C. Hosting the database on an EC2 Instance If you want a self-managed database, that means you want complete control over the database engine and the underlying infrastructure. In such a case you need to host the database on an EC2 Instance
You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? A. Route Tables B. Security Groups C. NAT Gateway D. Network Access Control Lists
C. NAT Gateway A NAT Gateway is required to allow resources in a private subnet to access the internet.
What is AWS Trusted Advisor? A. AWS service that helps you manage access to your account. B. Partner program that helps you validate your application deployment. C. Online tool that helps you configure resources to follow best practices. D. Professional Service offering that helps your migrate to the cloud.
C. Online tool that helps you configure resources to follow best practices.
Which of the following Compliance certifications attests to the security of the AWS platform regarding credit card transactions? A. ISO 27001 B. SOC 2 C. PCI DSS Level 1 D. SOC 1
C. PCI DSS Level 1 A PCI DSS Level 1 certification attests to the security of the AWS platform regarding credit card transactions.
Which of the following is not part of the AWS Global infrastructure? A. Availability Zones B. Regions C. Security Groups D. Edge Locations
C. Security Groups Regions, AZs, and Edge Locations are part of the AWS Global Infrastructure.
A telecommunications company has his hired you as a consultant to develop a business case for moving its IT applications and infrastructure to AWS. The company's leadership understands the agility value of the cloud, but the finance group is not interested in shifting capital expense to operating expense due to the company's tax structure. What will you include in the business case to attempt to satisfy everyone at the company? A. Show the company the TCO value of moving to an operating expense model B. Show the value of an elastic infrastructure for avoiding wasted capacity C. Suggest that the company make reserved instance purchases and capitalize them D. Suggest that the company wait to migrate to AWS until the current infrastructure is fully depreciated
C. Suggest that the company make reserved instance purchases and capitalize them Many companies capitalize reserved instance purchases, especially those with 3-year terms. Waiting for current infrastructure to fully depreciate will cause the company to miss the other cloud benefits that are available. Moving the company to an operating expense model will prove too large a task, and will most likely result in a rejected business case. Elastic infrastructure is definitely a benefit, but doesn't address the capitalization issue.
Infrastructure as Code
CF
In the Shared Responsibility Model, AWS has responsibility of providing what? (Select the best answer) A. Security of the Cloud B. Security for the cloud C. Security in the cloud D. Security of the cloud
D. Security of the cloud
Which of the following is correct? A. # of Regions > # of Availability Zones > # of Edge Locations B. # of Availability Zones > # of Edge Locations > # of Regions C. # of Availability Zones > # of Regions > # of Edge Locations D. # of Edge Locations > # of Availability Zones > # of Regions
D. # of Edge Locations > # of Availability Zones > # of Regions The number of Edge Locations is greater than the number of Availability Zones, which is greater than the number of Regions.
How long does Amazon CloudWatch keep metric data? A. 2 weeks B. 1 month C. 12 months D. 15 months E. 24 months
D. 15 months
How many VPC Peering connections are required for four VPCs located within the same AWS region to be able to send traffic to each of the others? A. 3 B. 4 C. 5 D. 6
D. 6 Six VPC Peering connections are needed for each of the four VPCs to send traffic to the other.
What is defined as the ability for a system to remain operational even if some of the components of that system fail? (Select the best answer) A. DNS failover B. High durability C. High availability D. Fault Tolerance
D. Fault Tolerance
create numerous testing environments each day based on multiple concurrent project activities. Provisioning of these environments needs to happen within minutes to ensure that project deadlines are met. The number of environments needed daily varies depending shifting priorities in business requirements. How can the team best achieve the agility they need for creating the testing environments? A. Invoke AWS Lambda functions to run the test scenarios B. Leverage AWS Auto Scaling to expand and contract the testing server pool based on demand C. Use AWS Systems Manager Automation to provision and de-provision the testing environments D. Have AWS CloudFormation provision the stacks and resources needed for the testing environments
D. Have AWS CloudFormation provision the stacks and resources needed for the testing environments AWS CloudFormation provides templates to specify all the AWS resources needed by the testing environments. These templates can be instantiated as stacks to provision consistent environments every time one is needed. AWS Auto Scaling will only handle the EC2 instances, and expands and contracts instances based on policies. AWS Systems Manager is useful for system administration tasks, and AWS Lambda has run-time limitations.
Which of the following best describes a system that is always available, without the need for human intervention? (Select the best answer) A. Elastic B. Fault-Tolerant C. Scalable D. High-Available
D. High-Available
What is an AWS IAM instance profile? (Select the best answer) A. Is a document created using JSON that describes a set of permissions. B. Defines what actions you want to allow. C. Defines which resources you allow the action on D. Is a container for an IAM role that you can use to pass role information to an EC@ instance when the instance starts.
D. Is a container for an IAM role that you can use to pass role information to an EC@ instance when the instance starts.
An online education company has customers on four continents. They need to run software functions to customize offerings for students in various locations around the globe based on parameters that each student enters. Which AWS service will provide this capability with the highest performance efficiency? A. Amazon API Gateway B. Amazon CloudFront C. Amazon Elastic Container Service D. Lambda@Edge
D. Lambda@Edge Lambda@Edge provides the capability to run Lambda functions at Edge Locations based on events generated by the CloudFront content delivery network, allowing customers to extend their web applications globally. Amazon Elastic Container Service and Amazon API Gateway would require implementations in each desired region.
You are a system administrator whose company has moved its production database to AWS. Your company monitors its estate using Amazon CloudWatch, which sends alarms using Amazon Simple Notification Service (Amazon SNS) to your mobile phone. One night, you get an alert that your primary Amazon Relational Database Service (Amazon RDS) Instance has gone down. You have Multi-AZ enabled on this instance. What should you do to ensure the failover happens quickly? A. Update your Domain Name System (DNS) to point to the secondary instance's new IP address, forcing your application to fail over to the secondary instance. B. Connect to your server using Secure Shell (SSH) and update your connection strings so that your application can communicate to the secondary instance instead of the failed primary instance. C. Take a snapshot of the secondary instance and create a new instance using this snapshot, then update your connection string to point to the new instance. D. No action is necessary. Your connection string points to the database endpoint, and AWS automatically updates this endpoint to point to your secondary instance.
D. Monitor the environment while Amazon RDS attempts to recover automatically. AWS will update the DB endpoint to point to the secondary instance automatically.
Which use case would warrant the cost-effective implementation of Amazon EC2 Reserved Instances with Spot Instances in the same build? A. A build that has sudden unpredictable workload spikes but for a short time horizon B. One in which there is a predictable resource demand over a long time horizon C. One that has a predictable workload over a long time horizon with prolonged and unpredictable spikes. D. One that has a constantly predictable workload with brief unpredictable spikes
D. One that has a constantly predictable workload with brief unpredictable spikes
Which of the following are not valid CloudFormation template sections? A. Resources B. Parameters C. Outputs D. Options
D. Options In total there are 9 valid sections allowed within a CloudFormation template. In the answers above, only "Parameters", "Resources" and "Outputs" are considered valid. "Options" is not a template section.
Amazon Lightsail is an example of which of the following? A. Software as a Service B. Infrastructure as a Service C. Functions as a Service D. Platform as a Service
D. Platform as a Service Lightsail is AWS' Platform-as-a-Service offering.
Which of the following is an accurate statement regarding AWS resource tags? (Select TWO) A. All AWS resource tags have a semantic interpretation B. Within a resource tag, every defined key must have a value string C. By default, resource tags are assigned as null, null D. Resource tags can be edited or removed at any time E. Placement group does not support tags
D. Resource tags can be edited or removed at any time E. Placement group does not support tags
You need to host a file in a location that's publicly accessible from anywhere in the world. Which AWS service would best meet that need? A. RDS B. EC2 C. EBS D. S3
D. S3 With S3, objects can be accessed from anywhere in the world via a dedicated URL.
While running an application on an EC2 instance behind an Elastic Load Balancer, an administrator receives a 504 error on their browser. What does this mean? A. The ELB instance has stopped running B. The application running on the EC2 instance is serving the 504 error page because it has exceeded its response timeout C. The URL for the application has expired D. The application is unresponsive so the ELB instance serves the 504 error page
D. The application is unresponsive so the ELB instance serves the 504 error page
Which of the following Amazon VPC resources would you use in order for EC2-VPC instances to send traffic directly to Amazon S3? A. Amazon S3 gateway B. IGW C. CGW D. VPC endpoint
D. VPC endpoint An Amazon VPC endpoint enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the Internet or through a NAT device, VPN connection, or AWS Direct Connect.
Which of the following must be configured on an Elastic Load Balancing load balancer to except incoming traffic? A. An instance B. A network interface C. A port D. A listener
D. You configure the load balancer to accept incoming traffic by specifying one or more listeners.
Which service should you use to migrate an existing db to AWS
DMS
Traffic Distribution
Data transfer and requests used to deliver content
S3 Intelligence Tiering (Storage Class)
Designed to optimize costs by automatically moving data to the most cost effective access tier, without performance impact of operational overboard
What best describes an AZ
Distinct locations from within an AWS region that is engineering to be isolated from failures
What does S3 Transfer Acceleration use to get your data into AWS quicker?
Edge location
You have a mission critical application which must be globally available at all times. Which deployment strategy should you follow?
Multi-region
Which Compliance certs attests to the security of the AWS platform regarding credit card transactions
PCI DSS level 1
Snowball
Petabyte scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud
Dedicated Instances
Physical EC2 server dedicated for your use. Good for: -Regulatory requirements -Licensing
What is the document used to grant permissions to users, groups, and roles
Policy
You are considering moving an on prem SQL server cluster into AWS, using EC2 instances rather than RDS. You need to recommend the the most suitable EBS volume type for the cluster to use, but also pair it with a suitable Ec3 instance type. You know that the throughput must be good, but the most improtant thing is to maintain a consistent level of IOPS under normal load which can increase to a much higher level at busy times. Choose the best EC2 and EBS option..
Provisioned IOPS EBS volumes with R5 EC2 instances
S3 can be used to host a dynamic website, like the one the runs on a LAMP stack
S3 can host static websites
S3 object storage is suitable for the storage of flat files (word docs, photos, etc)
True
AutoScaling
automatically adjusts capacities to maintain steady, predictable performance at the lowest possible cost
CloudFront
content delivery network is a system of distributed servers that deliver web pages and to other web content to a user based on the geographic locations of the user, the origin of the web page, and a content delivery server
Inherited Controls
controls which a customer fully inherits from AWS
Shared Controls
controls which apply to both infrastructure layer customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the reqs for the infrastructure and the customer must provide their own control implementation within their use of AWS services
CloudFormation
easy to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion
AWS Cost Explorer
easy to use interface that lets you visualize, understand, and manage your AWS costs and usage over time
Both you and a friend can have a S3 bucket called mytestbucket
false
S3 IA (Storage Class)
for data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, ut you are charged a retrieval fee
Paying Accounts
independent, cannot access the resources of other accounts limit 20 accounts