Cloud Practitioner
Which of the following AWS services are compute services? (Select TWO.) AWS Batch Amazon EFS AWS CloudTrail Amazon Inspector AWS Elastic Beanstalk
AWS Batch AWS Elastic Beanstalk
Which AWS service can a team use to deploy infrastructure on AWS using familiar programming languages? AWS Config Amazon CodeGuru AWS Cloud Development Kit (AWS CDK) AWS CodeCommit
AWS Cloud Development Kit (AWS CDK): software development framework to define cloud application resources using familiar programming languages. (CodeGuru is used to review code and provide intelligent recommendations for improvement.)
Which of the following can an AWS customer use to launch a new ElastiCache cluster? (Select TWO.) AWS Data Pipeline AWS CloudFormation AWS Management Console AWS Systems Manager AWS Concierge
AWS CloudFormation AWS Management Console (Can launch resources with Management Console or CLI or automate with CloudFormation. Concierge is support team for customers with Enterprise support plans.)
Which AWS services can be used as infrastructure automation tools? (Select TWO.) AWS CloudFormation Amazon CloudFront AWS Batch AWS OpsWorks Amazon QuickSight
AWS CloudFormation AWS OpsWorks AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. CloudFront is a fast content delivery network (CDN) service. AWS Batch enables users to run hundreds of thousands of batch computing jobs on AWS.
Which service can an organization use to track API activity within their account? AWS CloudTrail Amazon CloudWatch AWS IAM AWS CloudHSM
AWS CloudTrail
Which AWS service provides a managed software version control system? AWS CodeCommit AWS DataSync AWS CodePipeline Amazon CodeDeploy
AWS CodeCommit
A Cloud Practitioner needs a tool that can assist with viewing and managing AWS costs and usage over time. Which tool should the Cloud Practitioner use? AWS Budgets AWS Organizations AWS Cost Explorer Amazon Inspector
AWS Cost Explorer: has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
Which service provides the ability to simply upload applications and have AWS handle the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring? Amazon EC2 AWS Elastic Beanstalk Amazon EC2 Auto Scaling AWS OpsWorks
AWS Elastic Beanstalk Amazon EC2 is an IaaS solution that provides unmanaged instances that you can deploy with a variety of operating systems. AWS OpsWorks provides a managed service for Chef and Puppet. This service is involved with automation and configuration management.
A company is deploying a new web application in a single AWS Region that will be used by users globally. Which AWS services will assist with lowering latency and improving transfer speeds for the global users? (Select TWO.) AWS Direct Connect AWS Global Accelerator AWS Transit Gateway AWS Snowcone Amazon CloudFront
AWS Global Accelerator Amazon CloudFront: content delivery network that caches content around the world. (Direct Connect provides private connections from data centers to AWS. Transit Gateway is used for optimizing network topology of interconnected VPCs and on-premises networks. Snowcone is used as an edge device for transferring data.)
A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used? AWS Shield AWS KMS AWS CloudHSM AWS GuardDuty
AWS GuardDuty (AWS Shield is a managed Distributed Denial of Service (DDoS) protection service. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.)
A company is deploying an application on Amazon EC2 that requires low-latency access to application components in an on-premises data center. Which AWS service or resource can the company use to extend their existing VPC to the on-premises data center? Amazon Workspaces AWS Direct Connect AWS Outposts Amazon Connect
AWS Outposts AWS Outposts is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience. With AWS Outposts you can extend your VPC into the on-premises data center. (Direct Connect is used for creating a low-latency private connection to an on-premises data center but it cannot be used to extend the VPC.)
Which resource should a new user on AWS use to get help with deploying popular technologies based on AWS best practices, including architecture and deployment instructions? AWS Artifact AWS CloudFormation AWS Quick Starts AWS Config
AWS Quick Starts
A Cloud Practitioner is developing a new application and wishes to integrate features of AWS services directly into the application. Which of the following is the BEST tool for this purpose? AWS CodeDeploy AWS Software Development Kit AWS Command Line Interface (CLI) AWS CodePipeline
AWS Software Development Kit
Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks? AWS Config AWS OpsWorks AWS Systems Manager Amazon CloudWatch
AWS Systems Manager
A user needs to identify underutilized Amazon EC2 instances to reduce costs. Which AWS service or feature will meet this requirement? AWS Cost Explorer AWS Trusted Advisor AWS Health Dashboard AWS CodeBuild
AWS Trusted Advisor
Which of the following will help a user determine if they need to request an Amazon EC2 service limit increase? Amazon RDS AWS Cost Explorer AWS Trusted Advisor AWS Health Dashboard Explanation
AWS Trusted Advisor (Health dashboard shows issues or upcoming events that may impact resources. Cost Explorer is used for viewing costs and will not assist with service limits.)
Which AWS Cloud service provides recommendations on how to optimize performance for AWS services? AWS CloudTrail Amazon Inspector AWS Trusted Advisor Amazon CloudWatch
AWS Trusted Advisor (checks service limits, ensuring you take advantage of provisioned throughput, and monitors for over-utilized instances)
Which AWS service or feature can assist with protecting a website that is hosted outside of AWS? AWS Web Application Firewall (WAF) Amazon VPC network ACLs Amazon VPC route tables Amazon EC2 security groups
AWS Web Application Firewall (WAF)
Which of the following are valid benefits of using the AWS Cloud? (Select TWO.) Ability to go global quickly. Fast provisioning of IT resources. Outsource all operational risk. Total control over data center infrastructure. Outsource all application development to AWS.
Ability to go global quickly. Fast provisioning of IT resources.
Which authentication method is used to authenticate programmatic calls to AWS services? Console password Server certificate Key pair Access keys
Access keys
Which type of credential should a Cloud Practitioner use for programmatic access to AWS resources from the AWS CLI/API? SSH public keys Access keys User name and password SSL/TLS certificate
Access keys (An IAM user name and password can be used for console access but cannot be used with the CLI or API.)
When using Amazon IAM, what authentication methods are available to use? (Select TWO.) Client certificates Access keys AWS KMS Server certificates AES 256
Access keys Server certificates
Which of the options below are recommendations in the cost optimization pillar of the well-architected framework? (choose 2) Adopt a consumption model Adopt a capital expenditure model Start spending money on data center operations Analyze and attribute expenditure Manage your services independently
Adopt a consumption model Analyze and attribute expenditure There are five design principles for cost optimization in the cloud: - Adopt a consumption model. - Measure overall efficiency. - Stop spending money on data center operations. - Analyze and attribute expenditure. - Use managed services to reduce cost of ownership.
How does the consolidated billing feature of AWS Organizations treat Reserved Instances that were purchased by another account in the organization? All accounts in the organization are treated as one account so any account can receive the hourly cost benefit Only the master account can benefit from the hourly cost benefit of the reserved instances All accounts in the organization are treated as one account for volume discounts but not for reserved instances AWS Organizations does not support any volume or reserved instance benefits across accounts, it is just a method of aggregating bills
All accounts in the organization are treated as one account so any account can receive the hourly cost benefit
When using AWS Organizations with consolidated billing what are two valid best practices? (Select TWO.) Always enable multi-factor authentication (MFA) on the root account Always use a straightforward password on the root account The paying account should be used for billing purposes only Use the paying account for deploying resources Never exceed the limit of 20 linked accounts
Always enable multi-factor authentication (MFA) on the root account The paying account should be used for billing purposes only ("Use the paying account for deploying resources" is incorrect as you should deploy resources in the linked accounts.)
A company is deploying a MySQL database on AWS. The database must easily scale and have automatic backup enabled. Which AWS service should the company use? Amazon Aurora Amazon DocumentDB Amazon DynamoDB Amazon Athena
Amazon Aurora (Aurora is a relational database; extremely fast and scalable; offers automated backups) (Athena is used for querying data in S3 using SQL)
A website has a global customer base and users have reported poor performance when connecting to the site. Which AWS service will improve the customer experience by reducing latency? AWS Direct Connect Amazon EC2 Auto Scaling Amazon CloudFront Amazon ElastiCache
Amazon CloudFront
Which AWS service does API Gateway integrate with to enable users from around the world to achieve the lowest possible latency for API requests and responses? AWS Direct Connect Amazon S3 Transfer Acceleration Amazon CloudFront AWS Lambda
Amazon CloudFront (Amazon S3 Transfer Acceleration is a bucket-level feature that enables faster data transfers to and from Amazon S3.)
A Cloud Practitioner needs to monitor a new Amazon EC2 instances CPU and network utilization. Which AWS service should be used? Amazon CloudWatch Amazon Inspector AWS Systems Manager AWS CloudTrail
Amazon CloudWatch (CloudTrail is used for auditing. Inspector is an automated security service. Systems Manager is used for managing EC2 instances such as installing patches and software.)
Which AWS services can a company use to gather information about activity in their AWS account? (Select TWO.) Amazon CloudFront Amazon CloudWatch AWS Trusted Advisor Amazon Connect AWS CloudTrail
Amazon CloudWatch AWS CloudTrail (CloudFront is a content delivery network (CDN). TrustedAdvisor is used to assist with guidance on provisioning resources according to best practice.)
Which database allows you to scale at the push of a button without incurring any downtime? Amazon RDS Amazon EMR Amazon DynamoDB Amazon RedShift
Amazon DynamoDB
A company plans to deploy a relational database on AWS. The IT department will perform database administration. Which service should the company use? Amazon ElastiCache Amazon RedShift Amazon DynamoDB Amazon EC2
Amazon EC2 (RedShift is managed data warehouse solution and is better suited to use cases where analytics of data is required. ElastiCache is a managed service for in-memory, high-performance caching of database content. DynamoDB is a non-relational (NoSQL) type of database.)
Customers using AWS services must patch operating systems on which of the following services? Amazon DynamoDB Amazon EC2 AWS Fargate AWS Lambda
Amazon EC2 Fargate, Lambda, and DynamoDB are serverless services and you do not need to manage patches.
A company is planning to deploy an application with a relational database on AWS. The application layer requires access to the database instance's operating system in order to run scripts. The company prefer to keep management overhead to a minimum. Which deployment should be used for the database? Amazon RDS Amazon EC2 Amazon DynamoDB Amazon S3
Amazon EC2 The company would like to keep management overhead to a minimum so RDS would be good to meet that requirement. However, with RDS you cannot access the operating system so the requirement for running scripts on the OS rules RDS out. Therefore, the next best solution is to deploy on an Amazon EC2 instances
Which of the following AWS features or services can be used to provide root storage volumes for Amazon EC2 instances? Amazon Elastic File System (EFS) Amazon Elastic Block Store (EBS) Amazon Simple Storage Service (S3) Amazon Machine Image
Amazon Elastic Block Store (EBS)
Which service provides a way to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs? Amazon Elastic Transcoder AWS Glue Amazon Rekognition Amazon Comprehend
Amazon Elastic Transcoder (AWS Glue is a fully managed extract, transform, and load (ETL) service for data analytics. Comprehend is a natural language processing service.)
Which of the below is a fully managed Amazon search service based on open source software? AWS Elastic Beanstalk AWS OpsWorks Amazon CloudSearch Amazon Elasticsearch
Amazon Elasticsearch (Amazon CloudSearch is a managed service in the AWS Cloud. Unlike Elasticsearch, this is not based on open source software.)
Which AWS feature can be used to launch a pre-configured Amazon Elastic Compute Cloud (EC2) instance? Amazon AppStream 2.0 Amazon Machine Image (AMI) Amazon EC2 Systems Manager Amazon Elastic Block Store (EBS)
Amazon Machine Image (AMI)
Which AWS service can a company use to discover and protect sensitive data that is stored in Amazon S3 buckets. AWS Policy Generator Amazon GuardDuty Amazon Detective Amazon Macie
Amazon Macie: uses ML and pattern matching to discover and protect sensitive data. (Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. Amazon Detective automatically processes terabytes of event data records about IP traffic, AWS management operations, and malicious or unauthorized activity.)
Which of the below AWS services supports automated backups as a default configuration? Amazon S3 Amazon RDS Amazon EC2 Amazon EBS
Amazon RDS
Which of the following deployments involves the reliability pillar of the AWS Well-Architected Framework? Amazon EBS provisioned IOPS volume Use CloudFormation to deploy infrastructure Attach a WebACL to a CloudFront distribution Amazon RDS Multi-AZ deployment
Amazon RDS Multi-AZ deployment
To gain greater discounts, which services can be reserved? (Select TWO.) Amazon RedShift Amazon S3 AWS Lambda Amazon DynamoDB Amazon CloudWatch
Amazon RedShift Amazon DynamoDB Some of the services you can reserve include: EC2, DynamoDB, ElastiCache, RDS, and RedShift.
Which statement best describes Amazon Route 53? Amazon Route 53 is a service that enables routing within VPCs in an account Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service Amazon Route 53 enables hybrid cloud models by extending an organization's on-premise networks into the AWS cloud Amazon Route 53 is a service for distributing incoming connections between a fleet of registered EC2 instances
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
A company needs to publish messages to a thousands of subscribers simultaneously using a push mechanism. Which AWS service should the company use? Amazon Simple Queue Service (Amazon SQS) Amazon Simple Workflow Service (SWF) AWS Step Functions Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Notification Service (Amazon SNS)
A company is designing a new a service that must align with the operational excellence pillar of the AWS Well-Architected Framework. Which design principles should the company follow? (Select TWO.) Perform manual operations. Create static operational procedures. Anticipate failure. Make large-scale changes. Perform operations as code.
Anticipate failure. Perform operations as code.
What technology enables compute capacity to adjust as loads change? Load balancing Automatic failover Round robin Auto Scaling
Auto Scaling (Load balancing is more focused on high availability by distributing connections to multiple instances.)
Which benefits can a company gain by deploying a relational database on Amazon RDS instead of Amazon EC2? (Select TWO.) Root access to OS Schema management Automated backups Indexing of tables Software patching
Automated backups Software patching
Which of the options below are recommendations in the reliability pillar of the well-architected framework? (Select TWO.) Use ad-hoc recovery procedures Automatically recover from failure Scale vertically to increase aggregate system availability Attempt to accurately estimate capacity requirements Manage change in automation
Automatically recover from failure Manage change in automation There are five design principles for reliability in the cloud: - Test recovery procedures. - Automatically recover from failure. - Scale horizontally to increase aggregate system availability. - Stop guessing capacity. - Manage change in automation.
Which of the following is a sole responsibility of AWS? Application deployment Availability Zone management Patch management Customer data access controls
Availability Zone management (Patch management is a shared responsibility. Customers must patch instances databases running on EC2 and AWS will patch the underlying infrastructure and some managed services.)
An Amazon Virtual Private Cloud (VPC) can include multiple: Edge locations. AWS Regions. Availability Zones. Internet gateways.
Availability Zones.
Which tasks require the use of the AWS account root user? (Select TWO.) Viewing AWS CloudTrail logs. Changing payment currency. Enabling encryption for S3. Changing the account name. Changing AWS Support plans.
Changing the account name. Changing AWS Support plans.
How can an organization track resource inventory and configuration history for the purpose of security and regulatory compliance? Configure AWS Config with the resource types Create an Amazon CloudTrail trail Implement Amazon GuardDuty Run a report with AWS Artifact
Configure AWS Config with the resource types (Amazon GuardDuty offers threat detection and continuous security monitoring for malicious or unauthorized behavior)
What is one method of protecting against distributed denial of service (DDoS) attacks in the AWS Cloud? Enable AWS CloudTrail logging. Monitor the AWS Health Dashboard. Configure a firewall in front of resources. Use Amazon CloudWatch monitoring.
Configure a firewall in front of resources.
A Cloud Practitioner anticipates an increase in application traffic at a future date and time when a sales event will take place. How can the Cloud Practitioner configure Amazon EC2 Auto Scaling to ensure the right number of Amazon EC2 instances are available ahead of the event? Configure a scheduled scaling policy. Configure predictive scaling. Configure a step scaling policy. Configure a target tracking scaling policy.
Configure a scheduled scaling policy.
A company plans to use reserved instances to get discounted pricing for Amazon EC2 instances. The company may need to change the EC2 instance type during the one year period. Which instance purchasing option is the MOST cost-effective for this use case? Standard Reserved Instances Regional Reserved Instances Convertible Reserved Instances Zonal Reserved Instances
Convertible Reserved Instances (With standard RIs you cannot change the instance type but you can change the instance size. Regional RIs apply to instance usage within any AZ in a specified Region. Zonal RIs apply to instance usage within a specific AZ within an AWS Region.)
What can a Cloud Practitioner use to categorize and track AWS costs by project? AWS Trusted Advisor Multiple accounts Consolidated billing Cost Allocation Tags
Cost Allocation Tags
A company must provide access to AWS resources for their employees. Which security practices should they follow? (Select TWO.) Create IAM policies based on least privilege principles. Disable password policies and management console access. Enable multi-factor authentication for users. Create IAM Roles and apply them to IAM groups. Create IAM users in different AWS Regions.
Create IAM policies based on least privilege principles. Enable multi-factor authentication for users. (You cannot apply roles to groups, you apply policies to groups.)
A company is launching a new website which is expected to have highly variable levels of traffic. The website will run on Amazon EC2 and must be highly available. What is the MOST cost-effective approach? Use the AWS CLI to launch and terminate Amazon EC2 instances to match demand. Determine the highest expected traffic and use an appropriate instance type. Create an Amazon EC2 Auto Scaling group and configure and Elastic Load Balancer. Launch the website using an Amazon EC2 instance running on a dedicated host.
Create an Amazon EC2 Auto Scaling group and configure and Elastic Load Balancer.
Which tasks can a user complete using the AWS Cost Management tools? (Select TWO.) Create budgets and receive notifications if current or forecasted usage exceeds the budgets. Automatically terminate AWS resources if budget thresholds are exceeded. Launch either EC2 Spot instances or On-Demand instances based on the current pricing. Delete all of your AWS resources with a single click. Move data stored in Amazon S3 Standard to an archiving storage class to reduce cost.
Create budgets and receive notifications if current or forecasted usage exceeds the budgets. Automatically terminate AWS resources if budget thresholds are exceeded.
A company uses Amazon EC2 instances to run applications that are dedicated to different departments. The company needs to break out the costs of these applications and allocate them to the relevant department. The EC2 instances run in a single VPC. How can the company achieve these requirements? Add additional Amazon VPCs and launch each application in a separate VPC. Enable billing alerts through Amazon CloudWatch and Amazon SNS. Create tags by department on the instances and then run a cost allocation report. Enable billing access for IAM users and view the costs in Cost Explorer.
Create tags by department on the instances and then run a cost allocation report.
What is the best practice for managing AWS IAM access keys? There is no need to manage access keys. AWS rotate access keys on a schedule. Never use access keys, always use IAM roles. Customers should rotate access keys regularly.
Customers should rotate access keys regularly.
A company is deploying a new workload and software licensing requirements dictate that the workload must be run on a specific, physical server. Which Amazon EC2 instance deployment option should be used? Spot Instances Reserved Instances Dedicated Instances Dedicated Hosts
Dedicated Host (a physical server fully dedicated for your use; with Dedicated Instances you are not given a specific physical server)
A customer needs to determine Total Cost of Ownership (TCO) for a workload that requires physical isolation. Which hosting model should be accounted for? Reserved Instances Dedicated Hosts Spot Instances On-Demand Instances
Dedicated Hosts An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use
Which of the options below are recommendations in the performance efficiency pillar of the well-architected framework? (choose 2) Democratize advanced technologies Go global in days Use serverless architectures Rarely experiment Mechanical complexity
Democratize advanced technologies Use serverless architectures There are five design principles for performance efficiency in the cloud: - Democratize advanced technologies. - Go global in minutes. - Use serverless architectures. - Experiment more often. - Mechanical sympathy.
To ensure the security of your AWS account, what are two AWS best practices for managing access keys? (Select TWO.) Don't create any access keys, use IAM roles instead Don't generate an access key for the root account user Where possible, use IAM roles with temporary security credentials Rotate access keys daily Use MFA for access keys
Don't generate an access key for the root account user Where possible, use IAM roles with temporary security credentials Best practices include: - Don't generate an access key for the root account user. - Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys. - Manage IAM User Access Keys Properly.
AWS are able to continually reduce their pricing due to: Pay-as-you go pricing. Elastic compute services. Compute savings plans. Economies of scale.
Economies of scale.
A company has many underutilized compute resources on-premises. Which AWS Cloud feature will help resolve this issue? Global deployment Fault tolerance Elasticity High availability
Elasticity
A company is deploying an application in the AWS Cloud. How can they secure the application? (Select TWO.) Enable encryption for the application data at rest. Limit access privileges according to the principal of least privilege. Configure public access for the AWS services used by the application. Enable monitoring by turning off encryption for data in transit. Provide full admin access to developer and operations staff.
Enable encryption for the application data at rest. Limit access privileges according to the principal of least privilege.
Which of the options below are recommendations in the security pillar of the well-architected framework? (Select TWO.) Enable traceability Apply security at the application layer Automate security best practices Protect data when it is at rest only Expect to be secure
Enable traceability Automate security best practices There are six design principles for security in the cloud: - Implement a strong identity foundation. - Enable traceability. - Apply security at all layers. - Automate security best practices. - Protect data in transit and at rest. - Prepare for security events.
Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Cloud Support Engineers through email, online chat, and phone? Basic Business Developer Enterprise
Enterprise Basic only includes: 24x7 access to customer service, documentation, whitepapers, and support forums. Business does not provide access to architectural and operational reviews. Developer gets support from Cloud Support Associates, not Engineers and also do not get access to architectural and operational reviews.
How does the AWS cloud increase the speed and agility of execution for customers? (Select TWO.) Secured data centers Private connections to data centers Fast provisioning of resources Lower cost of deployment Scalable compute capacity
Fast provisioning of resources Scalable compute capacity
For what purpose would a Cloud Practitioner access AWS Artifact? Gain access to AWS security and compliance documents. Create a security assessment report for AWS services. Access training materials for AWS services. Download configuration details for all AWS resources.
Gain access to AWS security and compliance documents.
Which IAM entity can be used for assigning permissions to multiple users? IAM User IAM Group IAM Role IAM password policy
IAM Group
Which IAM entity is associated with an access key ID and secret access key? IAM Group IAM Role IAM Policy IAM User
IAM User
A company is migrating a monolithic application that does not scale well into the cloud and refactoring it into a microservices architecture. Which best practice of the AWS Well-Architected Framework does this plan relate to? Manage change in automation. Implement loosely coupled services. Stop spending money on undifferentiated heavy lifting. Use multiple solutions to improve performance.
Implement loosely coupled services.
Which of the following statements are correct about the benefits of AWS Direct Connect? (Select TWO.) Quick to implement Increased reliability (predictable performance) Lower cost than a VPN Increased bandwidth (predictable bandwidth) Uses redundant paths across the Internet
Increased reliability (predictable performance) Increased bandwidth (predictable bandwidth)
Which of the following represents a value proposition for using the AWS Cloud? AWS provides full access to their data centers. Customers can request specialized hardware. AWS is responsible for securing your applications. It is not necessary to enter into long term contracts.
It is not necessary to enter into long term contracts.
A user is planning to launch three EC2 instances behind a single Elastic Load Balancer. The deployment should be highly available. How should the user achieve this? Launch the instances as EC2 Spot Instances in the same AWS Region and the same Availability Zone. Launch the instances in multiple AWS Regions, and use Elastic IP addresses. Launch the instances across multiple Availability Zones in a single AWS Region. Launch the instances as EC2 Reserved Instances in the same AWS Region, but in different Availability Zones.
Launch the instances across multiple Availability Zones in a single AWS Region.
What are AWS Identity and Access Management (IAM) access keys used for? Making programmatic calls to AWS from AWS APIs. Ensuring the integrity of log files. Logging in to the AWS Management Console. Enabling encryption in transit for web servers.
Making programmatic calls to AWS from AWS APIs. Access keys consist of two parts: an access key ID and a secret access key. Username and password is used to login to the management console.
An application uses a PostgreSQL database running on a single Amazon EC2 instance. A Cloud Practitioner has been asked to increase the availability of the database so there is automatic recovery in the case of a failure. Which tasks can the Cloud Practitioner take to meet this requirement? Configure EC2 Auto Recovery to move the instance to another Region. Configure an Elastic Load Balancer in front of the EC2 instance. Set the DeleteOnTermination value to false for the EBS root volume. Migrate the database to Amazon RDS and enable the Multi-AZ feature.
Migrate the database to Amazon RDS and enable the Multi-AZ feature.
When running applications in the AWS Cloud, which common tasks can AWS manage on behalf of their customers? (Select TWO.) Application security testing Application source code auditing Patching database software Taking a backup of a database Creating a database schema
Patching database software Taking a backup of a database With services such as Amazon RDS, AWS will patch the database host operating system and database software and perform patch management activities. AWS does not create your schema; this is something that's in the customer's control.
A large company is interested in avoiding long-term contracts and moving from fixed costs to variable costs. What is the value proposition of AWS for this company? Economies of scale Pay-as-you-go pricing Volume pricing discounts Automated cost optimization
Pay-as-you-go pricing
An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment? Per second Per hour Per CPU Per GB
Per second
An individual IAM user must be granted access to an Amazon S3 bucket using a bucket policy. Which element in the S3 bucket policy should be updated to define the user account for which access will be granted? Condition Resource Action Principal
Principal (The Principal element specifies the user, account, service, or other entity that is allowed or denied access to a resource.)
What advantages does a database administrator obtain by using the Amazon Relational Database Service (RDS)? RDS databases automatically scale based on load. RDS enables users to dynamically adjust CPU and RAM resources. RDS simplifies relational database administration tasks. RDS provides 99.99999999999% reliability and durability.
RDS simplifies relational database administration tasks. The managed service includes hardware provisioning, database setup, patching and backups. (Storage auto scaling is possible but for compute it scales by changing instance type (manual)).
Which of the following represent economic advantages of moving to the AWS cloud? (Select TWO.) Reduce the need to manage applications Increase efficiencies through automation Reduce the rate of change Reduce the need to manage infrastructure Increase time to market for new applications
Reduce the need to manage infrastructure Increase efficiencies through automation
A company is planning to move a number of legacy applications to the AWS Cloud. The solution must be cost-effective. Which approach should the company take? Use AWS Lambda to host the legacy applications in the cloud. Rehost the applications on Amazon EC2 instances that are right-sized. Migrate the applications to dedicated hosts on Amazon EC2. Use an Amazon S3 static website to host the legacy application code.
Rehost the applications on Amazon EC2 instances that are right-sized. (You cannot host legacy application code in an S3 static website, only static content is possible. Dedicated hosts are expensive and there is no need to use them with this solution.)
Which design principles are enabled by the AWS Cloud to improve the operation of workloads? (Select TWO.) Minimize platform design Remove single points of failure Minimum viable product Customized hardware Loose coupling
Remove single points of failure Loose coupling
What are the charges for using Amazon Glacier? (Select TWO.) Data transferred into Glacier Retrieval requests Data storage Enhanced networking Number of Availability Zones
Retrieval requests Data storage
A company runs a batch job on an Amazon EC2 instance and it takes 6 hours to complete. The workload is expected to double in volume each month with a proportional increase in processing time. What is the most efficient cloud architecture to address the growing workload? Change the Amazon EC2 volume type to a Provisioned IOPS SSD volume. Run the application on a bare metal Amazon EC2 instance. Run the batch workload in parallel across multiple Amazon EC2 instances. Run the batch job on a larger Amazon EC2 instance type with more CPU.
Run the batch workload in parallel across multiple Amazon EC2 instances. (This is an example of horizontal scaling) (Changing to a Provisioned IOPS SSD will improve the underlying performance of the EBS volume but does not assist with processing.)
Which of the following statements best describes the concept of agility in relation to cloud computing on AWS? (Select TWO.) The speed at which AWS rolls out new features. The ability to automatically scale capacity. The ability to experiment quickly. The speed at which AWS resources can be created. The elimination of wasted capacity.
The ability to experiment quickly. The speed at which AWS resources can be created.
A Cloud Practitioner requires point-in-time recovery (PITR) for an Amazon DynamoDB table. Who is responsible for configuring and performing backups? AWS is responsible for both tasks. The customer is responsible for configuring and AWS is responsible for performing backups. AWS is responsible for configuring and the user is responsible for performing backups. The customer is responsible for both tasks.
The customer is responsible for configuring and AWS is responsible for performing backups.
What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)? There is no need to manage operating systems You can scale vertically without downtime There is no database administration required You can run any database engine
There is no need to manage operating systems
What are Edge locations used for? They are used for terminating VPN connections They are used by CloudFront for caching content They are the public-facing APIs for Amazon S3 They are used by regions for inter-region connectivity
They are used by CloudFront for caching content
A company has multiple AWS accounts and is using AWS Organizations with consolidated billing. Which advantages will they benefit from? (Select TWO.) They will receive a fixed discount for all usage across accounts. They will be automatically enrolled in a business support plan. They may benefit from lower unit pricing for aggregated usage. They will receive one bill for the accounts in the Organization. The default service limits in all accounts will be increased.
They may benefit from lower unit pricing for aggregated usage. They will receive one bill for the accounts in the Organization.
What are the advantages of Availability Zones? (Select TWO.) They allow regional disaster recovery They provide fault isolation They enable the caching of data for faster delivery to end users They are connected by low-latency network connections They enable you to connect your on-premises networks to AWS to form a hybrid cloud
They provide fault isolation They are connected by low-latency network connections
According to the AWS shared responsibility model, which of the following is a responsibility of AWS? Updating the firmware on the underlying EC2 hosts. Patching software running on Amazon EC2 instances. Updating security group rules to enable connectivity. Configuring network ACLs to block malicious attacks.
Updating the firmware on the underlying EC2 hosts.
What is the best way for an organization to transfer hundreds of terabytes of data from their on-premise data center into Amazon S3 with limited bandwidth available? Use S3 Transfer Acceleration Apply compression before uploading Use AWS Snowball Use Amazon CloudFront
Use AWS Snowball
How much data can a company store in the Amazon S3 service? 100 PB 100 TB 1 PB Virtually unlimited
Virtually unlimited
Which descriptions are correct regarding cloud deployment models? (Select TWO.) With the public cloud the consumer organization typically owns and manages the infrastructure With the private cloud the consumer organization typically incurs OPEX costs for usage With the hybrid cloud, multiple private clouds are connected With the public cloud the consumer organization typically incurs OPEX costs for usage With the private cloud the consumer organization typically owns and manages the infrastructure
With the public cloud the consumer organization typically incurs OPEX costs for usage With the private cloud the consumer organization typically owns and manages the infrastructure ("With the private cloud the consumer organization typically incurs OPEX costs for usage" is incorrect. With the private cloud the consumer organization typically owns the infrastructure and will often manage it themselves)
