cloud practitioner prep

AWS Identity and Access Management (IAM)

- enables you to manage access to AWS services and resources securely. -gives you the flexibility to configure access based on your company's specific operational and security needs. -You do this by using a combination of IAM features: IAM users, groups, and roles IAM policies Multi-factor authentication

The consolidated billing

- feature of AWS Organizations enables you to receive a single bill for all AWS accounts in your organization. -You can easily track the combined costs of all the linked accounts in your organization. The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed.

Which tasks can you complete in AWS Artifact? (Select TWO.) Access AWS compliance reports on-demand. Consolidate and manage multiple AWS accounts within a central location. Create users to enable people and applications to interact with AWS services and resources. Set permissions for accounts by configuring service control policies (SCPs). Review, accept, and manage agreements with AWS.

-Access AWS compliance reports on-demand. -Review, accept, and manage agreements with AWS.

You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.) IAM users IAM groups An individual member account IAM roles An organizational unit (OU)

-An individual member account -An organizational unit (OU)

Snowball Edge Compute Optimized

provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks. Storage: 42-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 7.68 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes. Compute: 52 vCPUs, 208 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances.

AWS Elastic Beanstalk

you provide code and configuration settings, and Elastic Beanstalk deploys the resources necessary to perform the following tasks: Adjust capacity Load balancing Automatic scaling Application health monitoring

Dedicated Hosts

-physical servers with Amazon EC2 instance capacity that is fully dedicated to your use

Public subnet

Support the customer-facing website.

Which factors should be considered when selecting a Region? (Select TWO.) Compliance with data governance and legal requirements Proximity to your customers Access to 24/7 technical support Ability to assign custom permissions to different users Access to the AWS Command Line Interface (AWS CLI)

-Compliance with data governance and legal requirements -Proximity to your customers

When determining the right Region for your services, data, and applications, consider the following four business factors:

-Compliance with data governance and legal requirements -Proximity to your customers -Available services within a Region -Pricing

What are the benefits of cloud computing? (Select TWO.) Increase speed and agility. Benefit from smaller economies of scale. Trade variable expense for upfront expense. Maintain infrastructure capacity. Stop spending money running and maintaining data centers.

-Increase speed and agility. -Stop spending money running and maintaining data centers.

Which tasks are the responsibilities of customers? (Select TWO.) Maintaining network infrastructure Patching software on Amazon EC2 instances Implementing physical security controls at data centers Setting permissions for Amazon S3 objects Maintaining servers that run Amazon EC2 instances

-Patching software on Amazon EC2 instances -Setting permissions for Amazon S3 objects

root user

-When you first create an AWS account, you begin with an identity known as ___ ex: You can think of the root user as being similar to the owner of the coffee shop. It has complete access to all the AWS services and resources in the account.

General purpose instances

-a balance of compute, memory, and networking resources. You can use them for a variety of workloads, such as: -application servers -gaming servers -backend servers for enterprise applications -small and medium databases -web servers

Amazon Redshift

-a data warehousing service that you can use for big data analytics -Offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.

Microservices Approach

-application components are loosely coupled -if a single component fails, the other components continue to work because they are communicating with each other. -The loose coupling prevents the entire application from failing ex: Amazon Simple Notification Service (Amazon SNS) OR Amazon Simple Queue Service (Amazon SQS).

API

-application programming interface -pre determined ways for you to interact with AWS services -you can invoke or call these APIs to provision, configure, and manage your AWS resources.

Monolithic Application

-application with tightly coupled components -databases, servers, the user interface, business logic, etc.

AWS Shield Standard

-automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks. -As network traffic comes into your applications, AWS Shield Standard uses a variety of analysis techniques to detect malicious traffic in real time and automatically mitigates it.

Serverless computing

-code runs on servers but you don't need to provision/manage them ex: -AWS Lambda: only pay for compute time you consume, w charges only applying when the code in running 1) upload code to Lambda 2) set code to trigger from an event source 3) code runs only when triggered 4) pay for compute time used

AWS Command Line Interface (AWS CLI)

-control multiple AWS services directly from the command line within one tool

relational database

-data is stored in a way that relates it to other pieces of data -use structured query language (SQL) to store and query data An example of a relational database might be the coffee shop's inventory management system. Each record in the database would include data for a single item, such as product name, size, price, and so on.

Storage Optimized Instances

-designed for workloads that require high, sequential read and write access to large datasets on local storage. ex's: -distributed file systems -data warehousing applications -high-frequency online transaction processing (OLTP) systems

Memory optimized instances

-designed to deliver fast performance for workloads that process large datasets in memory -[In computing, memory is a temporary storage area, that holds data and instructions that a central processing unit (CPU) needs to be able to complete actions] -Before a computer program or application is able to run, it is loaded from storage into memory. This preloading process gives the CPU direct access to the computer program

AWS Database Migration Service (AWS DMS)

-enables you to migrate relational databases, nonrelational databases, and other types of data stores -move data between a source database and a target database

AWS Key Management Service (AWS KMS)

-enables you to perform encryption operations through the use of cryptographic keys. -you can choose the specific levels of access control that you need for your keys. -use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications. For example, you can specify which IAM users and roles are able to manage keys. Alternatively, you can temporarily disable keys so that they are no longer in use by anyone. Your keys never leave AWS KMS, and you are always in control of them

Amazon Elastic Kubernetes Service (Amazon EKS)

-fully managed service that you can use to run Kubernetes on AWS -open-source software that enables you to deploy and manage containerized applications at scale

AWS CloudFormation

-gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion -you can treat your infrastructure as code. -provisions your resources in a safe, repeatable manner, enabling you to frequently build your infrastructure and applications without having to perform manual actions

Amazon Inspector

-helps to improve the security and compliance of applications by running automated security assessments. -Checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions -provides you with a list of security findings. The list prioritizes by severity level, including a detailed description of each security issue and a recommendation for how to fix it. However, AWS does not guarantee that following the provided recommendations resolves every potential security issue.

Amazon Aurora

-helps to reduce your database costs by reducing unnecessary input/output (I/O) operations, while ensuring that your database resources remain reliable and available. -an enterprise-class relational database -It is compatible with MySQL and PostgreSQL relational databases -Up to five times faster than standard MySQL databases -Up to three times faster than standard PostgreSQL databases

Amazon Elastic Container Service (Amazon ECS)

-highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS

Compute optimized instances

-ideal for compute-bound applications that benefit from high-performance processors -can use for workloads such as -high-performance web servers -compute-intensive applications servers -gaming servers -batch processing workloads [require processing many transactions in a single group]

On-Demand Instances Pricing

-ideal for short-term, irregular workloads that cannot be interrupted -No upfront costs or minimum contracts apply -instances run continuously until you stop them, and you pay for only the compute time you use -not recommended for workloads that last a year or longer because these workloads can experience greater cost savings using Reserved Instances

Spot Instances

-ideal for workloads with flexible start and end times, or that can withstand interruptions -request spare EC2 computing capacity; however, AW can reclaim at any time -no commitment

AWS Shield Advanced

-is a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks. -It also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate AWS Shield with AWS WAF by writing custom rules to mitigate complex DDoS attacks.

Amazon Relational Database Service (Amazon RDS)

-is a service that enables you to run relational databases in the AWS Cloud -automates tasks such as hardware provisioning, database setup, patching, and backups -Many Amazon RDS database engines offer encryption at rest (protecting data while it is stored) and encryption in transit (protecting data while it is being sent and received)

Amazon GuardDuty

-is a service that provides intelligent threat detection for your AWS infrastructure and resources. -It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment -After you have enabled GuardDuty for your AWS account, GuardDuty begins monitoring your network and account activity. You do not have to deploy or manage any additional security software -If GuardDuty detects any threats, you can review detailed findings about them from the AWS Management Console -You can also configure AWS Lambda functions to take remediation steps automatically in response to GuardDuty's security findings

Horizontally scaling an instance

-launching new instances and adding them to the pool -can set up automated horizontal scaling, using Amazon EC2 Auto Scaling

Amazon EC2 Savings Plans Pricing

-low price on EC2 use -commit for a consistent time measured in $ per hour -reduce your compute costs by committing to a consistent amount of computing usage for a 1-year or 3-year term -savings of up to 66% over On-Demand costs

Amazon Simple Queue Service (Amazon SQS)

-message queuing service -send, store, and receive messages between software components, without losing messages or requiring other services to be available -application sends messages into a queue THEN: -user or service retrieves a message from the queue, processes it, and then deletes it from the queue. -does not use the message subscription

Input/output operations per second (IOPS)

-metric that measures the performance of a storage device -designed to deliver tens of thousands of low-latency, random IOPS [input/output operations per second] to applications

distributed denial-of-service (DDoS) attack

-multiple sources are used to start an attack that aims to make a website or application unavailable. -This can come from a group of attackers, or even a single attacker. The single attacker can use multiple infected computers (also known as "bots") to send excessive traffic to a website or application

Containers

-provide a standard way to package applications code/dependencies into 1 object -use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability

What is Amazon Elastic Cloud Compute (EC2)

-provides secure, resizable compute capacity in the cloud as Amazon EC2 instances. -virtual server to run applications in the AWS Cloud -provision and launch an Amazon EC2 instance within minutes -can stop using it when you have finished running a workload -pay only for the compute time you use when an instance is running, not when it is stopped or terminated.

Hypervisor

-responsible for coordinating multi tenancy, isolates virtual machines from each other as they share resources from host -even though they share same virtual machine, its secure and separate

AWS Fargate

-serverless compute engine for containers -works with both Amazon ECS and Amazon EKS -do not need to provision or manage servers -Fargate manages your server infrastructure for you

Elastic Load Balancer

-service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances -acts as a single point of contact for all incoming web traffic -add or remove Amazon EC2 instances in response to the amount of incoming traffic, these requests route to the load balancer first ex: For example, if you have multiple Amazon EC2 instances, Elastic Load Balancing distributes the workload across the multiple instances so that no single instance has to carry the bulk of it.

Reserved Instances

-steady-state workloads, predictable usuage -discount applied to the use of On-Demand Instances -1-year or 3-year term

Accelerated computing instances

-use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs -ex's: -floating-point number calculations -graphics processing -data pattern matching

AWS WAF

-web application firewall that lets you monitor network requests that come into your web applications -works together with Amazon CloudFront and an Application Load Balancer -uses a web access control list (ACL) to protect your AWS resources

AWS Budgets:

-you can create budgets to plan your service usage, service costs, and instance reservations. -The information in AWS Budgets updates three times a day. This helps you to accurately determine how close your usage is to your budgeted amounts or to the AWS Free Tier limits. -In AWS Budgets, you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.

What are the contract length options for Amazon EC2 Reserved Instances? (Select TWO.) 1 year 2 years 3 years 4 years 5 years

1 year, 3 years

6 Advantages of cloud computing

1. trade capital expense for variable expense 2. Economies of scale 3. Stop guessing about capacity 4. increase speed and agility 5. stop spending money running data centers 6. go global in minutes

What is the storage capacity of AWS Snowmobile? 40 PB 60 PB 80 PB 100 PB

100 PB

What is the storage capacity of Snowball Edge Storage Optimized? 40 TB 60 TB 80 TB 100 TB

80 TB

Which statement is TRUE for the AWS global infrastructure? A Region consists of a single Availability Zone. An Availability Zone consists of two or more Regions. A Region consists of two or more Availability Zones. An Availability Zone consists of a single Region.

A Region consists of two or more Availability Zones.

Which statement best describes an IAM policy? An authentication process that provides an extra layer of protection for your AWS account A document that grants or denies permissions to AWS services and resources An identity that you can assume to gain temporary access to permissions The identity that is established when you first create an AWS account

A document that grants or denies permissions to AWS services and resources

Which statement best describes Amazon CloudFront? A service that enables you to run infrastructure in a hybrid cloud approach A serverless compute engine for containers A service that enables you to send and receive messages between software components through a queue A global content delivery service

A global content delivery service

Amazon Virtual Private Cloud (Amazon VPC)

A networking service that you can use to establish boundaries around your AWS resources

Which statement best describes Amazon DynamoDB? A service that enables you to run relational databases in the AWS Cloud A serverless key-value database service A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores An enterprise-class relational database

A serverless key-value database service

Which statement best describes Amazon Lex? A service that enables you to build conversational interfaces using voice and text A machine learning service that automatically extracts text and data from scanned documents A document database service that supports MongoDB workloads A service that enables you to identify potentially fraudulent online activities

A service that enables you to build conversational interfaces using voice and text

Which statement best describes an Availability Zone? A geographical area that contains AWS resources A single data center or group of data centers within a Region A data center that an AWS service uses to perform service-specific operations A service that you can use to run AWS infrastructure within your own on-premises data center in a hybrid approach

A single data center or group of data centers within a Region

Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined? Billing dashboard in the AWS Management Console AWS Budgets AWS Free Tier AWS Cost Explorer

AWS Budgets

Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time? AWS Pricing Calculator AWS Budgets AWS Cost Explorer AWS Free Tier

AWS Cost Explorer

Which component or service can be used to establish a private dedicated connection between your company's data center and AWS? Private subnet DNS AWS Direct Connect Amazon CloudFront

AWS Direct Connect

Which service or resource is used to find third-party software that runs on AWS? AWS Marketplace AWS Free Tier AWS Support Billing dashboard in the AWS Management Console

AWS Marketplace

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks? Amazon GuardDuty Amazon Inspector AWS Artifact AWS Shield

AWS Shield

Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions? Amazon CloudWatch AWS CloudTrail AWS Trusted Advisor Amazon GuardDuty

AWS Trusted Advisor

Replatforming

Also known as "lift, tinker, and shift," involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.

Amazon RDS is available on six database engines:

Amazon Aurora PostgreSQL MySQL MariaDB Oracle Database Microsoft SQL Server

Additional storage and database services

Amazon DocumentDB: document database service that supports MongoDB workloads. (MongoDB is a document database program). Amazon Neptune: a graph database service, build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs Amazon Quantum Ledger Database (Amazon QLDB): ledger database service, use Amazon QLDB to review a complete history of all the changes that have been made to your application data Amazon Managed Blockchain: a service that you can use to create and manage blockchain networks with open-source frameworks Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority Amazon ElastiCache: service that adds caching layers on top of your databases to help improve the read times of common requests It supports two types of data stores: Redis and Memcached Amazon DynamoDB Accelerator: in-memory cache for DynamoDB, helps improve response times from single-digit milliseconds to microseconds

You want to deploy and manage containerized applications. Which service should you use? AWS Lambda Amazon Simple Notification Service (Amazon SNS) Amazon Simple Queue Service (Amazon SQS) Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon Elastic Kubernetes Service (Amazon EKS)

Which service is used to manage the DNS records for domain names? Amazon Virtual Private Cloud AWS Direct Connect Amazon CloudFront Amazon Route 53

Amazon Route 53

Which service enables you to quickly build, train, and deploy machine learning models? Amazon Textract Amazon Lex AWS DeepRacer Amazon SageMaker

Amazon SageMaker

Which AWS service is the best choice for publishing messages to subscribers? Amazon Simple Queue Service (Amazon SQS) Amazon EC2 Auto Scaling Amazon Simple Notification Service (Amazon SNS) Elastic Load Balancing

Amazon Simple Notification Service (Amazon SNS)

You want to store data in an object storage service. Which AWS service is best for this type of storage? Amazon Managed Blockchain Amazon Elastic File System (Amazon EFS) Amazon Elastic Block Store (Amazon EBS) Amazon Simple Storage Service (Amazon S3)

Amazon Simple Storage Service (Amazon S3)

AWS offers four different Support plans to help you troubleshoot issues, lower costs, and efficiently use AWS services. You can choose from the following Support plans to meet your company's needs:

Basic Developer Business Enterprise

Which Support plan includes all AWS Trusted Advisor checks at the lowest cost? Basic Developer Business Enterprise

Business

Benefit from massive economies of scale.

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customer aggregates in the cloud, providers such as AWS can achieve higher economies of scale. Economies of scale translate into lower pay-as-you-go prices.

Stop spending money running and maintaining data centers

Cloud computing in data centers often requires you to spend more money and time managing infrastructure and servers. A benefit of cloud computing is the ability to focus less on these tasks and more on your applications and customers.

Which action can you perform with consolidated billing? Review how much cost your predicted AWS usage will incur by the end of the month. Create an estimate for the cost of your use cases on AWS. Combine usage across accounts to receive volume pricing discounts. Visualize and manage your AWS costs and usage over time.

Combine usage across accounts to receive volume pricing discounts

You want to use an Amazon EC2 instance for a batch processing workload. What would be the best Amazon EC2 instance type to use? General-purpose Memory-optimized Compute-optimized Storage optimized

Compute optimized

Virtual private gateway

Create a VPN connection between the VPC and the internal corporate network -access private resources in VPC -allows protected internet traffic to enter VPC

Virtual private gateway

Create a VPN connection between the VPC and the internal corporate network.

Which task can AWS Key Management Service (AWS KMS) perform? Configure multi-factor authentication (MFA). Update the AWS account root user password. Create cryptographic keys. Assign permissions to users and groups

Create cryptographic keys.

Business Support

Customers with a Business Support plan have access to additional features, including: -Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs -All AWS Trusted Advisor checks -Limited support for third-party software, such as common operating systems and application stack components

Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems? EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone. EBS volumes and Amazon EFS file systems both store data within a single Availability Zone. EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.

EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.

Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location? Region Availability Zone Edge location Origin

Edge location

Which process is an example of Elastic Load Balancing? -Ensuring that no single Amazon EC2 instance has to carry the full workload on its own -Removing unneeded Amazon EC2 instances when demand is low -Adding a second Amazon EC2 instance during an online store's popular sale -Automatically adjusting the number of Amazon EC2 instances to meet demand

Ensuring that no single Amazon EC2 instance has to carry the full workload on its own

Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose? Developer Enterprise Basic Business

Enterprise

AWS Direct Connect

Establish a dedicated connection between the on-premises data center and the VPC

Which action can you perform with AWS Outposts? Automate actions for AWS services and applications through scripts. Access wizards and automated workflows to perform tasks in AWS services. Develop AWS applications in supported programming languages. Extend AWS infrastructure and services to your on-premises data center.

Extend AWS infrastructure and services to your on-premises data center.

Which statement best describes the principle of least privilege? Adding an IAM user into at least one IAM group Checking a packet's permissions against an access control list Granting only the permissions that are needed to perform specific tasks Performing a denial of service attack that originates from at least one device

Granting only the permissions that are needed to perform specific tasks

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task? AWS account root user IAM group IAM role Service control policy (SCP)

IAM role

Technical Account Manager (TAM).

If your company has an Enterprise Support plan, the TAM is your primary point of contact at AWS. They provide guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications. **Your TAM provides expertise across the full range of AWS services. They help you design solutions that efficiently use multiple services together through an integrated approach.

Enterprise Support

In addition to all the features included in the Basic, Developer, and Business Support plans, customers with an Enterprise Support plan have access to features such as: -Application architecture guidance, which is a consultative relationship to support your company's specific use cases and applications -Infrastructure event management: A short-term engagement with AWS Support that helps your company gain a better understanding of your use cases. This also provides your company with architectural and scaling guidance. -A Technical Account Manager

Which component is used to connect a VPC to the internet? Public subnet Edge location Security group Internet gateway

Internet gateway

Private subnet

Isolate databases containing customers' personal information.

Which statement best describes an AWS account's default network access control list?

It is stateless and allows all inbound and outbound traffic.

Which pillar of the AWS Well-Architected Framework includes the ability to run workloads effectively and gain insights into their operations? Cost Optimization Operational Excellence Performance Efficiency Reliability

Operational Excellence

Which actions can you perform using Amazon CloudWatch? (Select TWO.) Monitor your resources' utilization and performance Receive real-time guidance for improving your AWS environment Compare your infrastructure to AWS best practices in five categories Access metrics from a single dashboard Automatically detect unusual account activity

Monitor your resources' utilization and performance Access metrics from a single dashboard

What is cloud computing? -Backing up files that are stored on desktop and mobile devices to prevent data loss -Deploying applications connected to on-premises infrastructure -Running code without needing to manage or provision servers -On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

Which categories are included in the AWS Trusted Advisor dashboard? (Select TWO.) Reliability Performance Scalability Elasticity Fault tolerance

Performance Fault tolerance

Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers' personal information. How should the developer configure the VPC according to best practices? Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.

Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

Which Perspective of the AWS Cloud Adoption Framework helps you design, implement, and optimize your AWS infrastructure based on your business goals and perspectives? Business Perspective Platform Perspective Operations Perspective People Perspective

Platform Perspective

Which process is an example of benefiting from massive economies of scale? Deploying an application in multiple Regions around the world Receiving lower pay-as-you-go prices as the result of AWS customers' aggregated usage of services Paying for compute time as you use it instead of investing upfront costs in data centers Scaling your infrastructure capacity in and out to meet demand

Receiving lower pay-as-you-go prices as the result of AWS customers' aggregated usage of services

Which service is used to query and analyze data across a data warehouse? Amazon Redshift Amazon Neptune Amazon DocumentDB Amazon ElastiCache

Redshift

When migrating applications to the cloud, six of the most common migration strategies that you can implement are:

Rehosting Replatforming Refactoring/re-architecting Repurchasing Retaining Retiring

Which pillar of the AWS Well-Architected Framework focuses on the ability of a workload to consistently and correctly perform its intended functions? Operational Excellence Performance Efficiency Security Reliability

Reliability

Which migration strategy involves moving to a different product? Refactoring Retiring Replatforming Repurchasing

Repurchasing

Which strategies are included in the six strategies for application migration? (Select TWO.) Revisiting Retaining Remembering Redeveloping Rehosting

Retaining Rehosting

Which Amazon S3 storage classes are optimized for archival data? (Select TWO.) S3 Standard S3 Glacier S3 Intelligent-Tiering S3 Standard-IA S3 Glacier Deep Archive

S3 Glacier S3 Glacier Deep Archive

You want to store data that is infrequently accessed but must be immediately available when needed. Which Amazon S3 storage class should you use? S3 Intelligent-Tiering S3 Glacier Deep Archive S3 Standard-IA S3 Glacier

S3 Standard-IA

software development kits (SDKs)

SDKs enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS.

Which Perspective of the AWS Cloud Adoption Framework helps you structure the selection and implementation of permissions? Governance Perspective Security Perspective Operations Perspective Business Perspective

Security Perspective

Multi-tenancy

Sharing underlying hardware between virtual machines

AWS Snowball offers two types of devices:

Snowball Edge Storage Optimized Snowball Edge Compute Optimized

You have a workload that will run for a total of 6 months and can withstand interruptions. What would be the most cost-efficient Amazon EC2 purchasing option? Reserved Instance Spot Instance Dedicated Instance On-Demand Instance

Spot Instance

Go global in minutes

The AWS Cloud global footprint enables you to quickly deploy applications to customers around the world, while providing them with low latency.

Increase speed and agility

The flexibility of cloud computing makes it easier for you to develop and deploy applications. This flexibility also provides your development teams with more time to experiment and innovate.

Which statement best describes security groups? They are stateful and deny all inbound traffic by default. They are stateful and allow all inbound traffic by default. They are stateless and deny all inbound traffic by default. They are stateless and allow all inbound traffic by default.

They are stateful and deny all inbound traffic by default.

Internet Gateway

To allow public traffic from the internet to access your VPC, you attach an ______ to the VPC.

Which tasks can you perform using AWS CloudTrail? (Select TWO.) Monitor your AWS infrastructure and resources in real time Track user activities and API requests throughout your AWS infrastructure View metrics and graphs to monitor the performance of resources Filter logs to assist with operational analysis and troubleshooting Configure automatic actions and alerts in response to metrics

Track user activities and API requests throughout your AWS infrastructure Filter logs to assist with operational analysis and troubleshooting

Which statement best describes DNS resolution?

Translating a domain name to an IP address

Trade upfront expense for variable expense

Upfront expenses include data centers, physical servers, and other resources that you would need to invest in before using computing resources. Instead of investing heavily in data centers and servers before you know how you're going to use them, you can pay only when you consume computing resources.

Subnet

a section of a VPC that can contain resources such as Amazon EC2 instances

What are the scenarios in which you should use Amazon Relational Database Service (Amazon RDS)? (Select TWO.) Running a serverless database Using SQL to organize data Storing data in a key-value database Scaling up to 10 trillion requests per day Storing data in an Amazon Aurora database

Using SQL to organize data Storing data in an Amazon Aurora database

CloudWatch alarms

With CloudWatch, you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

Stop guessing capacity

With cloud computing, you don't have to predict how much infrastructure capacity you will need before deploying an application. For example, you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use. Instead of paying for resources that are unused or dealing with limited capacity, you can access only the capacity that you need, and scale in or out in response to demand.

Amazon Managed Blockchain:

a service that you can use to create and manage blockchain networks with open-source frameworks Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority

Edge location

a site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery

Amazon Neptune:

a graph database service, build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs

Rehosting

also known as "lift-and-shift" involves moving applications without changes. In the scenario of a large legacy migration, in which the company is looking to implement its migration and scale quickly to meet a business case, the majority of applications are rehosted.

denial-of-service (DoS)

attack is a deliberate attempt to make a website or application unavailable to users.

Amazon EC2 Auto Scaling

automatically add or remove Amazon EC2 instances in response to changing application demand

Retaining

consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or, work that can be postponed until a later time.

The Customer Compliance Center

contains resources to help you learn more about AWS compliance. You can also access compliance white papers and documentation on topics such as: AWS answers to key compliance questions An overview of AWS risk and compliance An auditing security checklist

Snowball Edge Storage Optimized

devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs. Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes. Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5).

The shared responsibility model ___

divides into customer responsibilities (commonly referred to as "security in the cloud") and AWS responsibilities (commonly referred to as "security of the cloud").

Amazon DocumentDB:

document database service that supports MongoDB workloads. (MongoDB is a document database program).

The AWS Free Tier

enables you to begin using certain services without having to worry about incurring costs for the specified period. Three types of offers are available: Always Free 12 Months Free Trials

The AWS Well-Architected Framework

helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud The Well-Architected Framework is based on five pillars: Operational excellence Security Reliability Performance efficiency Cost optimization

The Business Perspective

ensures that IT aligns with business needs and that IT investments link to key business results. Use the Business Perspective to create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals. Common roles in the Business Perspective include: Business managers Finance managers Budget owners Strategy stakeholders

The Security Perspective

ensures that the organization meets security objectives for visibility, auditability, control, and agility. Use the AWS CAF to structure the selection and implementation of security controls that meet the organization's needs. Common roles in the Security Perspective include: Chief Information Security Officer (CISO) IT security managers IT security analysts

The Governance Perspective

focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks. Use the Governance Perspective to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes. Common roles in the Governance Perspective include: Chief Information Officer (CIO) Program managers Enterprise architects Business analysts Portfolio managers

Developer Support

have access to features such as: -Best practice guidance -Client-side diagnostic tools -Building-block architecture support, which consists of guidance for how to use AWS offerings, features, and --services together

The Operations Perspective

helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders. Define how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption. Common roles in the Operations Perspective include: IT operations managers IT support managers

Amazon DynamoDB Accelerator:

in-memory cache for DynamoDB, helps improve response times from single-digit milliseconds to microseconds

The Platform Perspective

includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud. Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail. Common roles in the Platform Perspective include: Chief Technology Officer (CTO) IT managers Solutions architects

Repurchasing

involves moving from a traditional license to a software-as-a-service model. For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com. involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.

Refactoring (also known as re-architecting)

involves reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application's existing environment.

IAM group

is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.

AWS Snow Family

is a collection of physical devices that help to physically transport up to exabytes of data into and out of AWS Is composed of AWS Snowcone, AWS Snowball, and AWS Snowmobile.

AWS Marketplace

is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS. For each listing in AWS Marketplace, you can access detailed information on pricing options, available support, and reviews from other AWS customers. -Offers products in several categories, such as Infrastructure Products, Business Applications, Data Products, and DevOps.

IAM policy

is a document that allows or denies permissions to AWS services and resources enable you to customize users' levels of access to resources. For example, you can allow users to access all of the Amazon S3 buckets within your AWS account, or only a specific bucket.

Amazon Simple Notification Service (Amazon SNS)

is a highly available, durable, secure, fully managed publish/subscribe messaging service that enables you to decouple micro-services, distributed systems, and serverless applications subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.

A cryptographic key

is a random string of digits used for locking (encrypting) and unlocking (decrypting) data

Amazon Elastic File System (Amazon EFS)

is a scalable file system used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.

AWS Direct Connect

is a service that enables you to establish a dedicated private connection between your data center and a VPC.

AWS Shield

is a service that protects applications against DDoS attacks. AWS Shield provides two levels of protection: Standard and Advanced.

AWS Artifact

is a service that provides on-demand access to AWS security and compliance reports and select online agreements. consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports.

AWS Snowcone

is a small, rugged, and secure edge computing and data transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.

Amazon CloudWatch

is a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. uses metrics to represent the data points for your resources

AWS Snowmobile

is an exabyte-scale data transfer service used to move large amounts of data to AWS. You can transfer up to 100 petabytes of data per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.

IAM role

is an identity that you can assume to gain temporary access to permissions.

IAM user

is an identity that you create in AWS. It represents the person or application that interacts with AWS services and resources. It consists of a name and credentials. -by default, has no permissions, you must grant the IAM user the necessary permissions

Basic Support

is free for all AWS customers. It includes access to whitepapers, documentation, and support communities. With Basic Support, you can also contact AWS for billing questions and service limit increases. Additionally, you can use the AWS Personal Health Dashboard, a tool that provides alerts and remediation guidance when AWS is experiencing events that may affect you.

Reliability pillar

is the ability of a system to do the following: -Recover from infrastructure or service disruptions -Dynamically acquire computing resources to meet demand -Mitigate disruptions such as misconfigurations or transient network issues Reliability includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

The Security pillar

is the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. When considering the security of your architecture, apply these best practices: Automate security best practices when possible. Apply security at all layers. Protect data in transit and at rest.

Operational excellence pillar

is the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. Design principles for operational excellence in the cloud include performing operations as code, annotating documentation,

Cost optimization pillar

is the ability to run systems to deliver business value at the lowest price point. Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.

Performance efficiency pillar

is the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.

Retiring

is the process of removing applications that are no longer needed.

Amazon Quantum Ledger Database (Amazon QLDB):

ledger database service, use Amazon QLDB to review a complete history of all the changes that have been made to your application data

AWS Cloud Adoption Framework (AWS CAF)

organizes guidance into six areas of focus, called Perspectives. Each Perspective addresses distinct responsibilities. The planning process helps the right people across the organization prepare for the changes ahead -The Business, People, and Governance Perspectives focus on business capabilities -The Platform, Security, and Operations Perspectives focus on technical capabilities

Vertically scaling an instance

resizing the instance

Amazon ElastiCache:

service that adds caching layers on top of your databases to help improve the read times of common requests It supports two types of data stores: Redis and Memcached

The People Perspective

supports development of an organization-wide change management strategy for successful cloud adoption. Use the People Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes. Common roles in the People Perspective include: Human resources Staffing People managers

Latency

time it takes for data to be sent/received

AWS Management Console

web-based interface for accessing and managing AWS services